shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-10 10:26:47 +09:00
Code Issues Packages Projects Releases Wiki Activity

libssh: deprecate SSH_KEYTYPE_ECDSA

Browse Source 
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Ben Toews
2019-03-12 10:25:49 -06:00
committed by Andreas Schneider
parent 78f764b7c9
commit b1f3cfec34
29 changed files with 546 additions and 359 deletions
Download Patch File Download Diff File Expand all files Collapse all files

114
tests/unittests/torture_pki_ecdsa.c
View File

@@ -19,6 +19,7 @@ const unsigned char ECDSA_HASH[] = "12345678901234567890";
struct pki_st {
char *cwd;
char *temp_dir;
enum ssh_keytypes_e type;
};
static int setup_ecdsa_key(void **state, int ecdsa_bits)
@@ -47,12 +48,24 @@ static int setup_ecdsa_key(void **state, int ecdsa_bits)
printf("Changed directory to: %s\n", tmp_dir);
switch (ecdsa_bits) {
case 521:
test_state->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 384:
test_state->type = SSH_KEYTYPE_ECDSA_P384;
break;
default:
test_state->type = SSH_KEYTYPE_ECDSA_P256;
break;
}
torture_write_file(LIBSSH_ECDSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0));
torture_get_testkey(test_state->type, 0));
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1));
torture_get_testkey(test_state->type, 1));
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits));
torture_get_testkey_pub(test_state->type));
return 0;
}
@@ -84,15 +97,25 @@ static int setup_openssh_ecdsa_key(void **state, int ecdsa_bits)
printf("Changed directory to: %s\n", tmp_dir);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0);
torture_write_file(LIBSSH_ECDSA_TESTKEY,
keystring);
switch (ecdsa_bits) {
case 521:
test_state->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 384:
test_state->type = SSH_KEYTYPE_ECDSA_P384;
break;
default:
test_state->type = SSH_KEYTYPE_ECDSA_P256;
break;
}
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1);
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
keystring);
keystring = torture_get_openssh_testkey(test_state->type, 0);
torture_write_file(LIBSSH_ECDSA_TESTKEY, keystring);
keystring = torture_get_openssh_testkey(test_state->type, 1);
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, keystring);
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits));
torture_get_testkey_pub(test_state->type));
return 0;
}
@@ -249,8 +272,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
const char *q = NULL;
ssh_key key = NULL;
int rc;
(void) state; /* unused */
struct pki_st *test_state = *((struct pki_st **)state);
key_buf = torture_pki_read_file(LIBSSH_ECDSA_TESTKEY ".pub");
assert_non_null(key_buf);
@@ -262,7 +284,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
}
type = ssh_key_type_from_name(q);
assert_true(type == SSH_KEYTYPE_ECDSA);
assert_true(type == test_state->type);
q = ++p;
while (p != NULL && *p != '\0' && *p != ' ') p++;
@@ -427,6 +449,24 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_session session=ssh_new();
(void) state;
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
etype_char = ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
@@ -435,15 +475,33 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
etype_char = ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
@@ -452,15 +510,33 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
@@ -469,9 +545,9 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);