shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-11 10:40:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

libssh: deprecate SSH_KEYTYPE_ECDSA

Browse Source 
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Ben Toews
2019-03-12 10:25:49 -06:00
committed by Andreas Schneider
parent 78f764b7c9
commit b1f3cfec34
29 changed files with 546 additions and 359 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/libssh/libssh.h
View File

@@ -293,10 +293,13 @@ enum ssh_keytypes_e{
SSH_KEYTYPE_DSS=1, SSH_KEYTYPE_DSS=1,
SSH_KEYTYPE_RSA, SSH_KEYTYPE_RSA,
SSH_KEYTYPE_RSA1, SSH_KEYTYPE_RSA1,
SSH_KEYTYPE_ECDSA, SSH_KEYTYPE_ECDSA, /* deprecated */
SSH_KEYTYPE_ED25519, SSH_KEYTYPE_ED25519,
SSH_KEYTYPE_DSS_CERT01, SSH_KEYTYPE_DSS_CERT01,
SSH_KEYTYPE_RSA_CERT01 SSH_KEYTYPE_RSA_CERT01,
SSH_KEYTYPE_ECDSA_P256,
SSH_KEYTYPE_ECDSA_P384,
SSH_KEYTYPE_ECDSA_P521,
}; };
enum ssh_keycmp_e { enum ssh_keycmp_e {

3
include/libssh/pki.h
View File

@@ -101,6 +101,9 @@ ssh_key_get_signature_algorithm(ssh_session session,
enum ssh_keytypes_e type); enum ssh_keytypes_e type);
enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name); enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name);
#define is_ecdsa_key_type(t) \
((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521)
/* SSH Signature Functions */ /* SSH Signature Functions */
ssh_signature ssh_signature_new(void); ssh_signature ssh_signature_new(void);
void ssh_signature_free(ssh_signature sign); void ssh_signature_free(ssh_signature sign);

49
src/auth.c
View File

@@ -515,26 +515,13 @@ int ssh_userauth_try_publickey(ssh_session session,
return SSH_ERROR; return SSH_ERROR;
} }
switch (pubkey->type) { /* Check if the given public key algorithm is allowed */
case SSH_KEYTYPE_UNKNOWN: sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
ssh_set_error(session, if (sig_type_c == NULL) {
SSH_REQUEST_DENIED, ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)"); "Invalid key type (unknown)");
return SSH_AUTH_DENIED; return SSH_AUTH_DENIED;
case SSH_KEYTYPE_ECDSA:
sig_type_c = ssh_pki_key_ecdsa_name(pubkey);
break;
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
break;
} }
/* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) { if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED, ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by" "The key algorithm '%s' is not allowed to be used by"
@@ -651,26 +638,13 @@ int ssh_userauth_publickey(ssh_session session,
/* Cert auth requires presenting the cert type name (*-cert@openssh.com) */ /* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type; key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
switch (key_type) { /* Check if the given public key algorithm is allowed */
case SSH_KEYTYPE_UNKNOWN: sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
ssh_set_error(session, if (sig_type_c == NULL) {
SSH_REQUEST_DENIED, ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)"); "Invalid key type (unknown)");
return SSH_AUTH_DENIED; return SSH_AUTH_DENIED;
case SSH_KEYTYPE_ECDSA:
sig_type_c = ssh_pki_key_ecdsa_name(privkey);
break;
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
break;
} }
/* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) { if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED, ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by" "The key algorithm '%s' is not allowed to be used by"
@@ -777,9 +751,14 @@ static int ssh_userauth_agent_publickey(ssh_session session,
if (rc < 0) { if (rc < 0) {
goto fail; goto fail;
} }
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
/* Check if the given public key algorithm is allowed */ /* Check if the given public key algorithm is allowed */
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
if (sig_type_c == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
}
if (!ssh_key_algorithm_allowed(session, sig_type_c)) { if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED, ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by" "The key algorithm '%s' is not allowed to be used by"

2
src/bind.c
View File

@@ -176,7 +176,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
return SSH_ERROR; return SSH_ERROR;
} }
if (ssh_key_type(sshbind->ecdsa) != SSH_KEYTYPE_ECDSA) { if (!is_ecdsa_key_type(ssh_key_type(sshbind->ecdsa))) {
ssh_set_error(sshbind, SSH_FATAL, ssh_set_error(sshbind, SSH_FATAL,
"The ECDSA host key has the wrong type"); "The ECDSA host key has the wrong type");
ssh_key_free(sshbind->ecdsa); ssh_key_free(sshbind->ecdsa);

8
src/known_hosts.c
View File

@@ -373,13 +373,7 @@ int ssh_is_server_known(ssh_session session) {
} }
if (match) { if (match) {
ssh_key pubkey = ssh_dh_get_current_server_publickey(session); ssh_key pubkey = ssh_dh_get_current_server_publickey(session);
const char *pubkey_type = NULL; const char *pubkey_type = ssh_key_type_to_char(ssh_key_type(pubkey));
if (ssh_key_type(pubkey) == SSH_KEYTYPE_ECDSA) {
pubkey_type = ssh_pki_key_ecdsa_name(pubkey);
} else {
pubkey_type = ssh_key_type_to_char(ssh_key_type(pubkey));
}
/* We got a match. Now check the key type */ /* We got a match. Now check the key type */
if (strcmp(pubkey_type, type) != 0) { if (strcmp(pubkey_type, type) != 0) {

8
src/options.c
View File

@@ -1653,7 +1653,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
"without DSA support"); "without DSA support");
#endif #endif
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_ECC #ifdef HAVE_ECC
bind_key_loc = &sshbind->ecdsa; bind_key_loc = &sshbind->ecdsa;
bind_key_path_loc = &sshbind->ecdsakey; bind_key_path_loc = &sshbind->ecdsakey;
@@ -1715,7 +1717,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
"without DSA support"); "without DSA support");
#endif #endif
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_ECC #ifdef HAVE_ECC
bind_key_loc = &sshbind->ecdsa; bind_key_loc = &sshbind->ecdsa;
#else #else

74
src/pki.c
View File

@@ -74,7 +74,10 @@ enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey) {
} }
if (strncmp(privkey, ECDSA_HEADER_BEGIN, strlen(ECDSA_HEADER_BEGIN)) == 0) { if (strncmp(privkey, ECDSA_HEADER_BEGIN, strlen(ECDSA_HEADER_BEGIN)) == 0) {
return SSH_KEYTYPE_ECDSA; /* We don't know what the curve is at this point, so we don't actually
* know the type. We figure out the actual curve and fix things up in
* pki_private_key_from_base64 */
return SSH_KEYTYPE_ECDSA_P256;
} }
return SSH_KEYTYPE_UNKNOWN; return SSH_KEYTYPE_UNKNOWN;
@@ -185,8 +188,9 @@ void ssh_key_free (ssh_key key){
* @brief returns the type of a ssh key * @brief returns the type of a ssh key
* @param[in] key the ssh_key handle * @param[in] key the ssh_key handle
* @returns one of SSH_KEYTYPE_RSA, SSH_KEYTYPE_DSS, * @returns one of SSH_KEYTYPE_RSA, SSH_KEYTYPE_DSS,
* SSH_KEYTYPE_ECDSA, SSH_KEYTYPE_ED25519, * SSH_KEYTYPE_ECDSA_P256, SSH_KEYTYPE_ECDSA_P384,
* SSH_KEYTYPE_DSS_CERT01, SSH_KEYTYPE_RSA_CERT01 * SSH_KEYTYPE_ECDSA_P521, SSH_KEYTYPE_ED25519, SSH_KEYTYPE_DSS_CERT01,
* or SSH_KEYTYPE_RSA_CERT01.
* @returns SSH_KEYTYPE_UNKNOWN if the type is unknown * @returns SSH_KEYTYPE_UNKNOWN if the type is unknown
*/ */
enum ssh_keytypes_e ssh_key_type(const ssh_key key){ enum ssh_keytypes_e ssh_key_type(const ssh_key key){
@@ -241,7 +245,13 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
return "ssh-rsa"; return "ssh-rsa";
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA:
return "ssh-ecdsa"; return "ssh-ecdsa"; /* deprecated. invalid value */
case SSH_KEYTYPE_ECDSA_P256:
return "ecdsa-sha2-nistp256";
case SSH_KEYTYPE_ECDSA_P384:
return "ecdsa-sha2-nistp384";
case SSH_KEYTYPE_ECDSA_P521:
return "ecdsa-sha2-nistp521";
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
return "ssh-ed25519"; return "ssh-ed25519";
case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_DSS_CERT01:
@@ -398,10 +408,12 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name) {
return SSH_KEYTYPE_DSS; return SSH_KEYTYPE_DSS;
} else if (strcmp(name, "ssh-ecdsa") == 0 } else if (strcmp(name, "ssh-ecdsa") == 0
|| strcmp(name, "ecdsa") == 0 || strcmp(name, "ecdsa") == 0
|| strcmp(name, "ecdsa-sha2-nistp256") == 0 || strcmp(name, "ecdsa-sha2-nistp256") == 0) {
|| strcmp(name, "ecdsa-sha2-nistp384") == 0 return SSH_KEYTYPE_ECDSA_P256;
|| strcmp(name, "ecdsa-sha2-nistp521") == 0) { } else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) {
return SSH_KEYTYPE_ECDSA; return SSH_KEYTYPE_ECDSA_P384;
} else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) {
return SSH_KEYTYPE_ECDSA_P521;
} else if (strcmp(name, "ssh-ed25519") == 0){ } else if (strcmp(name, "ssh-ed25519") == 0){
return SSH_KEYTYPE_ED25519; return SSH_KEYTYPE_ED25519;
} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
@@ -517,7 +529,9 @@ void ssh_signature_free(ssh_signature sig)
SAFE_FREE(sig->rsa_sig); SAFE_FREE(sig->rsa_sig);
#endif #endif
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
gcry_sexp_release(sig->ecdsa_sig); gcry_sexp_release(sig->ecdsa_sig);
#elif defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC) #elif defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC)
@@ -533,6 +547,7 @@ void ssh_signature_free(ssh_signature sig)
case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
break; break;
} }
@@ -973,7 +988,9 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
} }
break; break;
#ifdef HAVE_ECC #ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
{ {
ssh_string e = NULL; ssh_string e = NULL;
ssh_string exp = NULL; ssh_string exp = NULL;
@@ -1001,9 +1018,6 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA private key"); SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA private key");
goto fail; goto fail;
} }
/* Update key type */
key->type_c = ssh_pki_key_ecdsa_name(key);
} }
break; break;
#endif #endif
@@ -1120,7 +1134,10 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
} }
break; break;
#ifdef HAVE_ECC #ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA: /* deprecated */
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
{ {
ssh_string e = NULL; ssh_string e = NULL;
ssh_string i = NULL; ssh_string i = NULL;
@@ -1147,8 +1164,10 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
} }
/* Update key type */ /* Update key type */
if (type == SSH_KEYTYPE_ECDSA) {
key->type_c = ssh_pki_key_ecdsa_name(key); key->type_c = ssh_pki_key_ecdsa_name(key);
} }
}
break; break;
#endif #endif
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
@@ -1539,7 +1558,6 @@ int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
* @param[in] parameter Parameter to the creation of key: * @param[in] parameter Parameter to the creation of key:
* rsa : length of the key in bits (e.g. 1024, 2048, 4096) * rsa : length of the key in bits (e.g. 1024, 2048, 4096)
* dsa : length of the key in bits (e.g. 1024, 2048, 3072) * dsa : length of the key in bits (e.g. 1024, 2048, 3072)
* ecdsa : bits of the key (e.g. 256, 384, 521)
* @param[out] pkey A pointer to store the allocated private key. You need * @param[out] pkey A pointer to store the allocated private key. You need
* to free the memory. * to free the memory.
* *
@@ -1572,7 +1590,7 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
goto error; goto error;
break; break;
#ifdef HAVE_ECC #ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA: /* deprecated */
rc = pki_key_generate_ecdsa(key, parameter); rc = pki_key_generate_ecdsa(key, parameter);
if (rc == SSH_ERROR) { if (rc == SSH_ERROR) {
goto error; goto error;
@@ -1581,6 +1599,24 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
/* Update key type */ /* Update key type */
key->type_c = ssh_pki_key_ecdsa_name(key); key->type_c = ssh_pki_key_ecdsa_name(key);
break; break;
case SSH_KEYTYPE_ECDSA_P256:
rc = pki_key_generate_ecdsa(key, 256);
if (rc == SSH_ERROR) {
goto error;
}
break;
case SSH_KEYTYPE_ECDSA_P384:
rc = pki_key_generate_ecdsa(key, 384);
if (rc == SSH_ERROR) {
goto error;
}
break;
case SSH_KEYTYPE_ECDSA_P521:
rc = pki_key_generate_ecdsa(key, 521);
if (rc == SSH_ERROR) {
goto error;
}
break;
#endif #endif
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
rc = pki_key_generate_ed25519(key); rc = pki_key_generate_ed25519(key);
@@ -1939,7 +1975,7 @@ int ssh_pki_signature_verify(ssh_session session,
return SSH_ERROR; return SSH_ERROR;
} }
if (key->type == SSH_KEYTYPE_ECDSA) { if (is_ecdsa_key_type(key->type)) {
#if HAVE_ECC #if HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0}; unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen; uint32_t elen;
@@ -2028,7 +2064,7 @@ ssh_string ssh_pki_do_sign(ssh_session session,
} }
ssh_string_fill(session_id, crypto->session_id, crypto->digest_len); ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
if (privkey->type == SSH_KEYTYPE_ECDSA) { if (is_ecdsa_key_type(privkey->type)) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0}; unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen; uint32_t elen;
@@ -2211,7 +2247,7 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
return NULL; return NULL;
} }
if (privkey->type == SSH_KEYTYPE_ECDSA) { if (is_ecdsa_key_type(privkey->type)) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0}; unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen; uint32_t elen;

116
src/pki_crypto.c
View File

@@ -92,6 +92,24 @@ static int pki_key_ecdsa_to_nid(EC_KEY *k)
return -1; return -1;
} }
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(EC_KEY *k)
{
static int nid;
nid = pki_key_ecdsa_to_nid(k);
switch (nid) {
case NID_X9_62_prime256v1:
return SSH_KEYTYPE_ECDSA_P256;
case NID_secp384r1:
return SSH_KEYTYPE_ECDSA_P384;
case NID_secp521r1:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
const char *pki_key_ecdsa_nid_to_name(int nid) const char *pki_key_ecdsa_nid_to_name(int nid)
{ {
switch (nid) { switch (nid) {
@@ -451,7 +469,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
break; break;
} }
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
new->ecdsa_nid = key->ecdsa_nid; new->ecdsa_nid = key->ecdsa_nid;
@@ -551,26 +571,24 @@ int pki_key_generate_dss(ssh_key key, int parameter){
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
int pki_key_generate_ecdsa(ssh_key key, int parameter) { int pki_key_generate_ecdsa(ssh_key key, int parameter) {
int nid;
int ok; int ok;
switch (parameter) { switch (parameter) {
case 384: case 384:
nid = NID_secp384r1; key->ecdsa_nid = NID_secp384r1;
key->type = SSH_KEYTYPE_ECDSA_P384;
break; break;
case 521: case 521:
nid = NID_secp521r1; key->ecdsa_nid = NID_secp521r1;
key->type = SSH_KEYTYPE_ECDSA_P521;
break; break;
case 256: case 256:
default: default:
nid = NID_X9_62_prime256v1; key->ecdsa_nid = NID_X9_62_prime256v1;
key->type = SSH_KEYTYPE_ECDSA_P256;
} }
key->ecdsa_nid = nid; key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
key->type = SSH_KEYTYPE_ECDSA;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(nid);
if (key->ecdsa == NULL) { if (key->ecdsa == NULL) {
return SSH_ERROR; return SSH_ERROR;
} }
@@ -650,7 +668,9 @@ int pki_key_compare(const ssh_key k1,
} }
break; break;
} }
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
{ {
const EC_POINT *p1 = EC_KEY_get0_public_key(k1->ecdsa); const EC_POINT *p1 = EC_KEY_get0_public_key(k1->ecdsa);
@@ -756,7 +776,9 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
} }
break; break;
#ifdef HAVE_ECC #ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
if (passphrase == NULL) { if (passphrase == NULL) {
struct pem_get_password_struct pgp = { auth_fn, auth_data }; struct pem_get_password_struct pgp = { auth_fn, auth_data };
@@ -818,7 +840,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
DSA *dsa = NULL; DSA *dsa = NULL;
RSA *rsa = NULL; RSA *rsa = NULL;
ed25519_privkey *ed25519 = NULL; ed25519_privkey *ed25519 = NULL;
ssh_key key; ssh_key key = NULL;
enum ssh_keytypes_e type; enum ssh_keytypes_e type;
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
EC_KEY *ecdsa = NULL; EC_KEY *ecdsa = NULL;
@@ -884,7 +906,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
if (passphrase == NULL) { if (passphrase == NULL) {
if (auth_fn) { if (auth_fn) {
@@ -908,12 +932,21 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
return NULL; return NULL;
} }
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
break; break;
#endif #endif
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
/* Cannot open ed25519 keys with libcrypto */ /* Cannot open ed25519 keys with libcrypto */
case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem); BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", type); SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", type);
@@ -933,9 +966,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
key->ecdsa = ecdsa; key->ecdsa = ecdsa;
key->ed25519_privkey = ed25519; key->ed25519_privkey = ed25519;
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
if (key->type == SSH_KEYTYPE_ECDSA) { if (is_ecdsa_key_type(key->type)) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa); key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
} }
#endif #endif
@@ -1237,27 +1269,10 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
break; break;
} }
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
rc = ssh_buffer_reinit(buffer);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_name(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid)); type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
if (type_s == NULL) { if (type_s == NULL) {
ssh_buffer_free(buffer); ssh_buffer_free(buffer);
@@ -1461,7 +1476,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
sig_blob = ssh_string_copy(sig->rsa_sig); sig_blob = ssh_string_copy(sig->rsa_sig);
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
{ {
ssh_string r; ssh_string r;
@@ -1614,8 +1631,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
} }
sig->type = type; sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type; sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
len = ssh_string_len(sig_blob); len = ssh_string_len(sig_blob);
@@ -1688,9 +1705,10 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
if (sig == NULL) { if (sig == NULL) {
return NULL; return NULL;
} }
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_SIG_new(); sig->ecdsa_sig = ECDSA_SIG_new();
if (sig->ecdsa_sig == NULL) { if (sig->ecdsa_sig == NULL) {
@@ -1874,7 +1892,9 @@ int pki_signature_verify(ssh_session session,
return SSH_ERROR; return SSH_ERROR;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
rc = ECDSA_do_verify(hash, rc = ECDSA_do_verify(hash,
hlen, hlen,
@@ -1919,8 +1939,8 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
} }
sig->type = privkey->type; sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type; sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch(privkey->type) { switch(privkey->type) {
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
@@ -1942,7 +1962,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, privkey->rsa, hash_type); sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
if (sig->rsa_sig == NULL) { if (sig->rsa_sig == NULL) {
ssh_signature_free(sig); ssh_signature_free(sig);
@@ -1950,7 +1969,9 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
} }
sig->dsa_sig = NULL; sig->dsa_sig = NULL;
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, privkey->ecdsa); sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, privkey->ecdsa);
if (sig->ecdsa_sig == NULL) { if (sig->ecdsa_sig == NULL) {
@@ -2005,7 +2026,7 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
} }
sig->type = key->type; sig->type = key->type;
sig->type_c = key->type_c; sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch(key->type) { switch(key->type) {
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
@@ -2017,14 +2038,15 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, key->rsa, hash_type); sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, key->rsa, hash_type);
if (sig->rsa_sig == NULL) { if (sig->rsa_sig == NULL) {
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC #ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, key->ecdsa); sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, key->ecdsa);
if (sig->ecdsa_sig == NULL) { if (sig->ecdsa_sig == NULL) {

107
src/pki_gcrypt.c
View File

@@ -427,7 +427,9 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
header_begin = RSA_HEADER_BEGIN; header_begin = RSA_HEADER_BEGIN;
header_end = RSA_HEADER_END; header_end = RSA_HEADER_END;
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
header_begin = ECDSA_HEADER_BEGIN; header_begin = ECDSA_HEADER_BEGIN;
header_end = ECDSA_HEADER_END; header_end = ECDSA_HEADER_END;
break; break;
@@ -737,6 +739,24 @@ static int pki_key_ecdsa_to_nid(gcry_sexp_t k)
return -1; return -1;
} }
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(gcry_sexp_t k)
{
static int nid;
nid = pki_key_ecdsa_to_nid(k);
switch (nid) {
case NID_gcrypt_nistp256:
return SSH_KEYTYPE_ECDSA_P256;
case NID_gcrypt_nistp384:
return SSH_KEYTYPE_ECDSA_P384;
case NID_gcrypt_nistp521:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
static const char *pki_key_ecdsa_nid_to_gcrypt_name(int nid) static const char *pki_key_ecdsa_nid_to_gcrypt_name(int nid)
{ {
switch (nid) { switch (nid) {
@@ -843,7 +863,7 @@ static int b64decode_ecdsa_privatekey(const char *pkey, gcry_sexp_t *r,
int ok; int ok;
buffer = privatekey_string_to_buffer(pkey, buffer = privatekey_string_to_buffer(pkey,
SSH_KEYTYPE_ECDSA, SSH_KEYTYPE_ECDSA_P256,
cb, cb,
userdata, userdata,
desc); desc);
@@ -978,7 +998,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
goto fail; goto fail;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#if HAVE_GCRYPT_ECC #if HAVE_GCRYPT_ECC
if (passphrase == NULL) { if (passphrase == NULL) {
if (auth_fn != NULL) { if (auth_fn != NULL) {
@@ -1006,6 +1028,14 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
SSH_LOG(SSH_LOG_WARN, "Parsing private key"); SSH_LOG(SSH_LOG_WARN, "Parsing private key");
goto fail; goto fail;
} }
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
break; break;
#endif #endif
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
@@ -1029,9 +1059,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
key->rsa = rsa; key->rsa = rsa;
key->ecdsa = ecdsa; key->ecdsa = ecdsa;
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
if (key->type == SSH_KEYTYPE_ECDSA) { if (is_ecdsa_key_type(key->type)) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa); key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
} }
#endif #endif
@@ -1256,7 +1285,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
new->ecdsa_nid = key->ecdsa_nid; new->ecdsa_nid = key->ecdsa_nid;
@@ -1336,7 +1367,9 @@ static int pki_key_generate(ssh_key key, int parameter, const char *type_s, int
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
rc = gcry_pk_genkey(&key->dsa, parms); rc = gcry_pk_genkey(&key->dsa, parms);
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
rc = gcry_pk_genkey(&key->ecdsa, parms); rc = gcry_pk_genkey(&key->ecdsa, parms);
break; break;
default: default:
@@ -1357,22 +1390,24 @@ int pki_key_generate_dss(ssh_key key, int parameter){
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
int pki_key_generate_ecdsa(ssh_key key, int parameter) { int pki_key_generate_ecdsa(ssh_key key, int parameter) {
int nid;
switch (parameter) { switch (parameter) {
case 384: case 384:
nid = NID_gcrypt_nistp384; key->ecdsa_nid = NID_gcrypt_nistp384;
break; key->type = SSH_KEYTYPE_ECDSA_P384;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P384);
case 521: case 521:
nid = NID_gcrypt_nistp521; key->ecdsa_nid = NID_gcrypt_nistp521;
break; key->type = SSH_KEYTYPE_ECDSA_P521;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P521);
case 256: case 256:
default: default:
nid = NID_gcrypt_nistp256; key->ecdsa_nid = NID_gcrypt_nistp256;
key->type = SSH_KEYTYPE_ECDSA_P256;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P256);
} }
key->ecdsa_nid = nid;
return pki_key_generate(key, parameter, "ecdsa", SSH_KEYTYPE_ECDSA);
} }
#endif #endif
@@ -1471,7 +1506,9 @@ int pki_key_compare(const ssh_key k1,
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
/* ed25519 keys handled globaly */ /* ed25519 keys handled globaly */
return 0; return 0;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
if (k1->ecdsa_nid != k2->ecdsa_nid) { if (k1->ecdsa_nid != k2->ecdsa_nid) {
return 1; return 1;
@@ -1488,6 +1525,7 @@ int pki_key_compare(const ssh_key k1,
#endif #endif
case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
return 1; return 1;
@@ -1634,7 +1672,9 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
goto fail; goto fail;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
type_s = ssh_string_from_char( type_s = ssh_string_from_char(
pki_key_ecdsa_nid_to_char(key->ecdsa_nid)); pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
@@ -1788,7 +1828,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
sig_blob = pki_ed25519_sig_to_blob(sig); sig_blob = pki_ed25519_sig_to_blob(sig);
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
{ {
ssh_string R; ssh_string R;
@@ -1877,8 +1919,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
} }
sig->type = type; sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type; sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
len = ssh_string_len(sig_blob); len = ssh_string_len(sig_blob);
@@ -1944,7 +1986,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break; break;
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
rc = pki_ed25519_sig_from_blob(sig, sig_blob); rc = pki_ed25519_sig_from_blob(sig, sig_blob);
@@ -1953,7 +1994,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
return NULL; return NULL;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
{ /* build ecdsa siganature */ { /* build ecdsa siganature */
ssh_buffer b; ssh_buffer b;
@@ -2138,7 +2181,9 @@ int pki_signature_verify(ssh_session session,
return SSH_ERROR; return SSH_ERROR;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp, err = gcry_sexp_build(&sexp,
NULL, NULL,
@@ -2198,8 +2243,8 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
return NULL; return NULL;
} }
sig->type = privkey->type; sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type; sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch (privkey->type) { switch (privkey->type) {
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
/* That is to mark the number as positive */ /* That is to mark the number as positive */
@@ -2224,7 +2269,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
} }
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
switch (hash_type) { switch (hash_type) {
case SSH_DIGEST_SHA1: case SSH_DIGEST_SHA1:
case SSH_DIGEST_AUTO: case SSH_DIGEST_AUTO:
@@ -2265,7 +2309,9 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
return NULL; return NULL;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp, err = gcry_sexp_build(&sexp,
NULL, NULL,
@@ -2319,7 +2365,7 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
} }
sig->type = key->type; sig->type = key->type;
sig->type_c = key->type_c; sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch(key->type) { switch(key->type) {
case SSH_KEYTYPE_DSS: case SSH_KEYTYPE_DSS:
@@ -2344,7 +2390,6 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
} }
break; break;
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch (hash_type) { switch (hash_type) {
case SSH_DIGEST_SHA1: case SSH_DIGEST_SHA1:
hash_c = "sha1"; hash_c = "sha1";
@@ -2378,7 +2423,9 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
break; break;
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:
/* ED25519 handled in caller */ /* ED25519 handled in caller */
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC #ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp, err = gcry_sexp_build(&sexp,
NULL, NULL,

122
src/pki_mbedcrypto.c
View File

@@ -61,6 +61,24 @@ static int pki_key_ecdsa_to_nid(mbedtls_ecdsa_context *ecdsa)
return -1; return -1;
} }
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(mbedtls_ecdsa_context *ecdsa)
{
static int nid;
nid = pki_key_ecdsa_to_nid(ecdsa);
switch (nid) {
case NID_mbedtls_nistp256:
return SSH_KEYTYPE_ECDSA_P256;
case NID_mbedtls_nistp384:
return SSH_KEYTYPE_ECDSA_P384;
case NID_mbedtls_nistp521:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase, ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
ssh_auth_callback auth_fn, void *auth_data) ssh_auth_callback auth_fn, void *auth_data)
{ {
@@ -121,7 +139,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
goto fail; goto fail;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
ecdsa = malloc(sizeof(mbedtls_pk_context)); ecdsa = malloc(sizeof(mbedtls_pk_context));
if (ecdsa == NULL) { if (ecdsa == NULL) {
return NULL; return NULL;
@@ -173,10 +193,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
goto fail; goto fail;
} }
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->rsa = rsa;
if (ecdsa != NULL) { if (ecdsa != NULL) {
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*ecdsa); mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*ecdsa);
@@ -189,16 +205,27 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
mbedtls_ecdsa_from_keypair(key->ecdsa, keypair); mbedtls_ecdsa_from_keypair(key->ecdsa, keypair);
mbedtls_pk_free(ecdsa); mbedtls_pk_free(ecdsa);
SAFE_FREE(ecdsa); SAFE_FREE(ecdsa);
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(key->ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
} else { } else {
key->ecdsa = NULL; key->ecdsa = NULL;
} }
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->rsa = rsa;
key->ed25519_privkey = ed25519; key->ed25519_privkey = ed25519;
rsa = NULL; rsa = NULL;
ecdsa = NULL; ecdsa = NULL;
if (key->type == SSH_KEYTYPE_ECDSA) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
}
return key; return key;
fail: fail:
@@ -401,7 +428,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
break; break;
} }
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
new->ecdsa_nid = key->ecdsa_nid; new->ecdsa_nid = key->ecdsa_nid;
new->ecdsa = malloc(sizeof(mbedtls_ecdsa_context)); new->ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
@@ -511,7 +540,9 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
} }
break; break;
} }
case SSH_KEYTYPE_ECDSA: { case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
mbedtls_ecp_keypair *ecdsa1 = k1->ecdsa; mbedtls_ecp_keypair *ecdsa1 = k1->ecdsa;
mbedtls_ecp_keypair *ecdsa2 = k2->ecdsa; mbedtls_ecp_keypair *ecdsa2 = k2->ecdsa;
@@ -678,27 +709,9 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
break; break;
} }
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
rc = ssh_buffer_reinit(buffer); case SSH_KEYTYPE_ECDSA_P384:
if (rc < 0) { case SSH_KEYTYPE_ECDSA_P521:
ssh_buffer_free(buffer);
return NULL;
}
type_s =
ssh_string_from_char(pki_key_ecdsa_nid_to_name(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = type_s =
ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid)); ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
if (type_s == NULL) { if (type_s == NULL) {
@@ -773,7 +786,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
sig_blob = ssh_string_copy(sig->rsa_sig); sig_blob = ssh_string_copy(sig->rsa_sig);
break; break;
case SSH_KEYTYPE_ECDSA: { case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
ssh_string r; ssh_string r;
ssh_string s; ssh_string s;
ssh_buffer b; ssh_buffer b;
@@ -911,8 +926,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
} }
sig->type = type; sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type; sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
switch(type) { switch(type) {
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
@@ -920,9 +935,10 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
if (sig == NULL) { if (sig == NULL) {
return NULL; return NULL;
} }
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break; break;
case SSH_KEYTYPE_ECDSA: { case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
ssh_buffer b; ssh_buffer b;
ssh_string r; ssh_string r;
ssh_string s; ssh_string s;
@@ -1050,7 +1066,9 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
return SSH_ERROR; return SSH_ERROR;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
rc = mbedtls_ecdsa_verify(&key->ecdsa->grp, hash, hlen, rc = mbedtls_ecdsa_verify(&key->ecdsa->grp, hash, hlen,
&key->ecdsa->Q, sig->ecdsa_sig.r, sig->ecdsa_sig.s); &key->ecdsa->Q, sig->ecdsa_sig.r, sig->ecdsa_sig.s);
if (rc != 0) { if (rc != 0) {
@@ -1157,19 +1175,20 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
} }
sig->type = privkey->type; sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type; sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch(privkey->type) { switch(privkey->type) {
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->rsa_sig = rsa_do_sign_hash(hash, hlen, privkey->rsa, hash_type); sig->rsa_sig = rsa_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
if (sig->rsa_sig == NULL) { if (sig->rsa_sig == NULL) {
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
sig->ecdsa_sig.r = bignum_new(); sig->ecdsa_sig.r = bignum_new();
if (sig->ecdsa_sig.r == NULL) { if (sig->ecdsa_sig.r == NULL) {
return NULL; return NULL;
@@ -1231,18 +1250,19 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
} }
sig->type = key->type; sig->type = key->type;
sig->type_c = key->type_c; sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch (key->type) { switch (key->type) {
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
sig->rsa_sig = rsa_do_sign_hash(hash, hlen, key->rsa, hash_type); sig->rsa_sig = rsa_do_sign_hash(hash, hlen, key->rsa, hash_type);
if (sig->rsa_sig == NULL) { if (sig->rsa_sig == NULL) {
ssh_signature_free(sig); ssh_signature_free(sig);
return NULL; return NULL;
} }
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
sig->ecdsa_sig.r = bignum_new(); sig->ecdsa_sig.r = bignum_new();
if (sig->ecdsa_sig.r == NULL) { if (sig->ecdsa_sig.r == NULL) {
return NULL; return NULL;
@@ -1452,26 +1472,24 @@ fail:
int pki_key_generate_ecdsa(ssh_key key, int parameter) int pki_key_generate_ecdsa(ssh_key key, int parameter)
{ {
int nid;
int ok; int ok;
switch (parameter) { switch (parameter) {
case 384: case 384:
nid = NID_mbedtls_nistp384; key->ecdsa_nid = NID_mbedtls_nistp384;
key->type = SSH_KEYTYPE_ECDSA_P384;
break; break;
case 521: case 521:
nid = NID_mbedtls_nistp521; key->ecdsa_nid = NID_mbedtls_nistp521;
key->type = SSH_KEYTYPE_ECDSA_P521;
break; break;
case 256: case 256:
default: default:
nid = NID_mbedtls_nistp256; key->ecdsa_nid = NID_mbedtls_nistp256;
key->type = SSH_KEYTYPE_ECDSA_P256;
break; break;
} }
key->ecdsa_nid = nid;
key->type = SSH_KEYTYPE_ECDSA;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = malloc(sizeof(mbedtls_ecdsa_context)); key->ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
if (key->ecdsa == NULL) { if (key->ecdsa == NULL) {
return SSH_ERROR; return SSH_ERROR;
@@ -1480,7 +1498,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter)
mbedtls_ecdsa_init(key->ecdsa); mbedtls_ecdsa_init(key->ecdsa);
ok = mbedtls_ecdsa_genkey(key->ecdsa, ok = mbedtls_ecdsa_genkey(key->ecdsa,
pki_key_ecdsa_nid_to_mbed_gid(nid), pki_key_ecdsa_nid_to_mbed_gid(key->ecdsa_nid),
mbedtls_ctr_drbg_random, mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context()); ssh_get_mbedtls_ctr_drbg_context());

4
src/server.c
View File

@@ -242,7 +242,9 @@ int ssh_get_key_params(ssh_session session, ssh_key *privkey){
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
*privkey = session->srv.rsa_key; *privkey = session->srv.rsa_key;
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
*privkey = session->srv.ecdsa_key; *privkey = session->srv.ecdsa_key;
break; break;
case SSH_KEYTYPE_ED25519: case SSH_KEYTYPE_ED25519:

8
tests/client/torture_knownhosts_verify.c
View File

@@ -161,15 +161,15 @@ static void torture_knownhosts_precheck(void **state)
assert_non_null(file); assert_non_null(file);
fprintf(file, fprintf(file,
"127.0.0.10 %s\n", "127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA));
fprintf(file, fprintf(file,
"127.0.0.10 %s\n", "127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0)); torture_get_testkey_pub(SSH_KEYTYPE_ED25519));
fprintf(file, fprintf(file,
"127.0.0.10 %s\n", "127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, 521)); torture_get_testkey_pub(SSH_KEYTYPE_ECDSA_P521));
fclose(file); fclose(file);
@@ -229,7 +229,7 @@ static void torture_knownhosts_other(void **state)
assert_non_null(file); assert_non_null(file);
fprintf(file, fprintf(file,
"127.0.0.10 %s\n", "127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA));
fclose(file); fclose(file);
rc = ssh_connect(session); rc = ssh_connect(session);

10
tests/server/torture_server.c
View File

@@ -109,28 +109,28 @@ static int setup_default_server(void **state)
"%s/sshd/ssh_host_ed25519_key", "%s/sshd/ssh_host_ed25519_key",
s->socket_dir); s->socket_dir);
torture_write_file(ed25519_hostkey, torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
#ifdef HAVE_DSA #ifdef HAVE_DSA
snprintf(dsa_hostkey, snprintf(dsa_hostkey,
sizeof(dsa_hostkey), sizeof(dsa_hostkey),
"%s/sshd/ssh_host_dsa_key", "%s/sshd/ssh_host_dsa_key",
s->socket_dir); s->socket_dir);
torture_write_file(dsa_hostkey, torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_write_file(dsa_hostkey, torture_get_testkey(SSH_KEYTYPE_DSS, 0));
#endif /* HAVE_DSA */ #endif /* HAVE_DSA */
snprintf(rsa_hostkey, snprintf(rsa_hostkey,
sizeof(rsa_hostkey), sizeof(rsa_hostkey),
"%s/sshd/ssh_host_rsa_key", "%s/sshd/ssh_host_rsa_key",
s->socket_dir); s->socket_dir);
torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0));
snprintf(ecdsa_hostkey, snprintf(ecdsa_hostkey,
sizeof(ecdsa_hostkey), sizeof(ecdsa_hostkey),
"%s/sshd/ssh_host_ecdsa_key", "%s/sshd/ssh_host_ecdsa_key",
s->socket_dir); s->socket_dir);
torture_write_file(ecdsa_hostkey, torture_write_file(ecdsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_ECDSA, 521, 0)); torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
sftp_server = getenv("TORTURE_SFTP_SERVER"); sftp_server = getenv("TORTURE_SFTP_SERVER");
if (sftp_server == NULL) { if (sftp_server == NULL) {
@@ -449,7 +449,7 @@ static void torture_server_hostkey_mismatch(void **state)
assert_non_null(file); assert_non_null(file);
fprintf(file, fprintf(file,
"127.0.0.10 %s\n", "127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA));
fclose(file); fclose(file);
rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file); rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);

2
tests/server/torture_server_auth_kbdint.c
View File

@@ -551,7 +551,7 @@ static int setup_kbdint_server(void **state)
"%s/sshd/ssh_host_ed25519_key", "%s/sshd/ssh_host_ed25519_key",
s->socket_dir); s->socket_dir);
torture_write_file(ed25519_hostkey, torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
/* Create the server state */ /* Create the server state */
ss = (struct server_state_st *)calloc(1, sizeof(struct server_state_st)); ss = (struct server_state_st *)calloc(1, sizeof(struct server_state_st));

13
tests/torture.c
View File

@@ -373,7 +373,9 @@ ssh_bind torture_ssh_bind(const char *addr,
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
opts = SSH_BIND_OPTIONS_RSAKEY; opts = SSH_BIND_OPTIONS_RSAKEY;
break; break;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
opts = SSH_BIND_OPTIONS_ECDSAKEY; opts = SSH_BIND_OPTIONS_ECDSAKEY;
break; break;
default: default:
@@ -714,16 +716,15 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
if (!written) { if (!written) {
torture_write_file(ed25519_hostkey, torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
0, 0));
#ifdef HAVE_DSA #ifdef HAVE_DSA
torture_write_file(dsa_hostkey, torture_write_file(dsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_get_testkey(SSH_KEYTYPE_DSS, 0));
#endif /* HAVE_DSA */ #endif /* HAVE_DSA */
torture_write_file(rsa_hostkey, torture_write_file(rsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(ecdsa_hostkey, torture_write_file(ecdsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_ECDSA, 521, 0)); torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
torture_write_file(trusted_ca_pubkey, torture_rsa_certauth_pub); torture_write_file(trusted_ca_pubkey, torture_rsa_certauth_pub);
} }

20
tests/torture_key.c
View File

@@ -497,7 +497,6 @@ static const char torture_ed25519_public_testkey[] =
"BU6Nh3PmAiqX aris@kalix86"; "BU6Nh3PmAiqX aris@kalix86";
static const char *torture_get_testkey_internal(enum ssh_keytypes_e type, static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
int bits,
bool with_passphrase, bool with_passphrase,
int pubkey, int pubkey,
int format) int format)
@@ -529,8 +528,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
return torture_rsa_private_openssh_testkey; return torture_rsa_private_openssh_testkey;
} }
return torture_rsa_private_testkey; return torture_rsa_private_testkey;
case SSH_KEYTYPE_ECDSA: case SSH_KEYTYPE_ECDSA_P521:
if (bits == 521) {
if (pubkey) { if (pubkey) {
return torture_ecdsa521_public_testkey; return torture_ecdsa521_public_testkey;
} else if (with_passphrase) { } else if (with_passphrase) {
@@ -543,7 +541,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
return torture_ecdsa521_private_openssh_testkey; return torture_ecdsa521_private_openssh_testkey;
} }
return torture_ecdsa521_private_testkey; return torture_ecdsa521_private_testkey;
} else if (bits == 384) { case SSH_KEYTYPE_ECDSA_P384:
if (pubkey) { if (pubkey) {
return torture_ecdsa384_public_testkey; return torture_ecdsa384_public_testkey;
} else if (with_passphrase){ } else if (with_passphrase){
@@ -556,8 +554,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
return torture_ecdsa384_private_openssh_testkey; return torture_ecdsa384_private_openssh_testkey;
} }
return torture_ecdsa384_private_testkey; return torture_ecdsa384_private_testkey;
} case SSH_KEYTYPE_ECDSA_P256:
if (pubkey) { if (pubkey) {
return torture_ecdsa256_public_testkey; return torture_ecdsa256_public_testkey;
} else if (with_passphrase){ } else if (with_passphrase){
@@ -590,6 +587,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_RSA_CERT01:
return torture_rsa_testkey_cert; return torture_rsa_testkey_cert;
case SSH_KEYTYPE_RSA1: case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN: case SSH_KEYTYPE_UNKNOWN:
return NULL; return NULL;
} }
@@ -599,23 +597,21 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
/* Return the encrypted private key in a new OpenSSH format */ /* Return the encrypted private key in a new OpenSSH format */
const char *torture_get_openssh_testkey(enum ssh_keytypes_e type, const char *torture_get_openssh_testkey(enum ssh_keytypes_e type,
int ecda_bits,
bool with_passphrase) bool with_passphrase)
{ {
return torture_get_testkey_internal(type, ecda_bits, with_passphrase, 0, 1); return torture_get_testkey_internal(type, with_passphrase, 0, 1);
} }
/* Return the private key in the legacy PEM format */ /* Return the private key in the legacy PEM format */
const char *torture_get_testkey(enum ssh_keytypes_e type, const char *torture_get_testkey(enum ssh_keytypes_e type,
int ecda_bits,
bool with_passphrase) bool with_passphrase)
{ {
return torture_get_testkey_internal(type, ecda_bits, with_passphrase, 0, 0); return torture_get_testkey_internal(type, with_passphrase, 0, 0);
} }
const char *torture_get_testkey_pub(enum ssh_keytypes_e type, int ecda_bits) const char *torture_get_testkey_pub(enum ssh_keytypes_e type)
{ {
return torture_get_testkey_internal(type, ecda_bits, 0, 1, 0); return torture_get_testkey_internal(type, 0, 1, 0);
} }
const char *torture_get_testkey_passphrase(void) const char *torture_get_testkey_passphrase(void)

4
tests/torture_key.h
View File

@@ -30,15 +30,13 @@
/* Return the encrypted private key in a new OpenSSH format */ /* Return the encrypted private key in a new OpenSSH format */
const char *torture_get_openssh_testkey(enum ssh_keytypes_e type, const char *torture_get_openssh_testkey(enum ssh_keytypes_e type,
int ecdsa_bits,
bool with_passphrase); bool with_passphrase);
/* Return the private key in the legacy PEM format */ /* Return the private key in the legacy PEM format */
const char *torture_get_testkey(enum ssh_keytypes_e type, const char *torture_get_testkey(enum ssh_keytypes_e type,
int ecdsa_bits,
bool with_passphrase); bool with_passphrase);
const char *torture_get_testkey_passphrase(void); const char *torture_get_testkey_passphrase(void);
const char *torture_get_testkey_pub(enum ssh_keytypes_e type, int ecdsa_bits); const char *torture_get_testkey_pub(enum ssh_keytypes_e type);
#endif /* _TORTURE_KEY_H */ #endif /* _TORTURE_KEY_H */

8
tests/unittests/torture_bind_config.c
View File

@@ -140,17 +140,17 @@ static int setup_config_files(void **state)
/* For ed25519 the test keys are not available in legacy PEM format. Using /* For ed25519 the test keys are not available in legacy PEM format. Using
* the new OpenSSH format for all algorithms */ * the new OpenSSH format for all algorithms */
torture_write_file(LIBSSH_RSA_TESTKEY, torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_ED25519_TESTKEY, torture_write_file(LIBSSH_ED25519_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
#ifdef HAVE_ECC #ifdef HAVE_ECC
torture_write_file(LIBSSH_ECDSA_521_TESTKEY, torture_write_file(LIBSSH_ECDSA_521_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, 521, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
#endif #endif
#ifdef HAVE_DSA #ifdef HAVE_DSA
torture_write_file(LIBSSH_DSA_TESTKEY, torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0));
#endif #endif
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS, torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS,

2
tests/unittests/torture_hashes.c
View File

@@ -16,7 +16,7 @@ static int setup_rsa_key(void **state)
const char *q; const char *q;
b64_key = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); b64_key = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
assert_non_null(b64_key); assert_non_null(b64_key);
q = p = b64_key; q = p = b64_key;

16
tests/unittests/torture_keyfiles.c
View File

@@ -19,9 +19,9 @@ static int setup_rsa_key(void **state)
unlink(LIBSSH_RSA_TESTKEY ".pub"); unlink(LIBSSH_RSA_TESTKEY ".pub");
torture_write_file(LIBSSH_RSA_TESTKEY, torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA));
session = ssh_new(); session = ssh_new();
*state = session; *state = session;
@@ -38,9 +38,9 @@ static int setup_dsa_key(void **state)
unlink(LIBSSH_DSA_TESTKEY ".pub"); unlink(LIBSSH_DSA_TESTKEY ".pub");
torture_write_file(LIBSSH_DSA_TESTKEY, torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_get_testkey(SSH_KEYTYPE_DSS, 0));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub", torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); torture_get_testkey_pub(SSH_KEYTYPE_DSS));
session = ssh_new(); session = ssh_new();
*state = session; *state = session;
@@ -70,15 +70,15 @@ static int setup_both_keys_passphrase(void **state)
ssh_session session; ssh_session session;
torture_write_file(LIBSSH_RSA_TESTKEY, torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1)); torture_get_testkey(SSH_KEYTYPE_RSA, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA));
#ifdef HAVE_DSA #ifdef HAVE_DSA
torture_write_file(LIBSSH_DSA_TESTKEY, torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1)); torture_get_testkey(SSH_KEYTYPE_DSS, 1));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub", torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); torture_get_testkey_pub(SSH_KEYTYPE_DSS));
#endif #endif
session = ssh_new(); session = ssh_new();

2
tests/unittests/torture_knownhosts_parsing.c
View File

@@ -132,7 +132,7 @@ static void torture_knownhosts_parse_line_ecdsa(void **state) {
assert_string_equal(entry->hostname, "localhost"); assert_string_equal(entry->hostname, "localhost");
assert_non_null(entry->unparsed); assert_non_null(entry->unparsed);
assert_non_null(entry->publickey); assert_non_null(entry->publickey);
assert_int_equal(ssh_key_type(entry->publickey), SSH_KEYTYPE_ECDSA); assert_int_equal(ssh_key_type(entry->publickey), SSH_KEYTYPE_ECDSA_P256);
SSH_KNOWNHOSTS_ENTRY_FREE(entry); SSH_KNOWNHOSTS_ENTRY_FREE(entry);
} }

14
tests/unittests/torture_options.c
View File

@@ -781,17 +781,17 @@ static int ssh_bind_setup_files(void **state)
/* For ed25519 the test keys are not available in legacy PEM format. Using /* For ed25519 the test keys are not available in legacy PEM format. Using
* the new OpenSSH format for all algorithms */ * the new OpenSSH format for all algorithms */
torture_write_file(LIBSSH_RSA_TESTKEY, torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_RSA 0));
torture_write_file(LIBSSH_ED25519_TESTKEY, torture_write_file(LIBSSH_ED25519_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
#ifdef HAVE_ECC #ifdef HAVE_ECC
torture_write_file(LIBSSH_ECDSA_521_TESTKEY, torture_write_file(LIBSSH_ECDSA_521_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, 521, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
#endif #endif
#ifdef HAVE_DSA #ifdef HAVE_DSA
torture_write_file(LIBSSH_DSA_TESTKEY, torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0));
#endif #endif
torture_write_file(LIBSSH_CUSTOM_BIND_CONFIG_FILE, torture_write_file(LIBSSH_CUSTOM_BIND_CONFIG_FILE,
"Port 42\n"); "Port 42\n");
@@ -867,7 +867,7 @@ static void torture_bind_options_import_key(void **state)
SSH_KEY_FREE(key); SSH_KEY_FREE(key);
/* set rsa key */ /* set rsa key */
base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0); base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key); rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key);
assert_int_equal(rc, SSH_OK); assert_int_equal(rc, SSH_OK);
assert_non_null(key); assert_non_null(key);
@@ -876,7 +876,7 @@ static void torture_bind_options_import_key(void **state)
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
#ifdef HAVE_DSA #ifdef HAVE_DSA
/* set dsa key */ /* set dsa key */
base64_key = torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0); base64_key = torture_get_testkey(SSH_KEYTYPE_DSS, 0);
rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key); rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key);
assert_int_equal(rc, SSH_OK); assert_int_equal(rc, SSH_OK);
assert_non_null(key); assert_non_null(key);
@@ -886,7 +886,7 @@ static void torture_bind_options_import_key(void **state)
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
/* set ecdsa key */ /* set ecdsa key */
base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA, 521, 0); base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0);
rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key); rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key);
assert_int_equal(rc, SSH_OK); assert_int_equal(rc, SSH_OK);
assert_non_null(key); assert_non_null(key);

11
tests/unittests/torture_pki.c
View File

@@ -65,8 +65,17 @@ struct key_attrs key_attrs_list[] = {
#endif #endif
{1, 1, "ssh-rsa", 2048, 20, "ssh-rsa"}, /* RSA */ {1, 1, "ssh-rsa", 2048, 20, "ssh-rsa"}, /* RSA */
{0, 0, "", 0, 0, ""}, /* RSA1 */ {0, 0, "", 0, 0, ""}, /* RSA1 */
{1, 1, "ecdsa-sha2-nistp521", 521, 64, "ecdsa-sha2-nistp521"}, /* ECDSA */ {0, 0, "", 0, 0, ""}, /* ECDSA */
{1, 1, "ssh-ed25519", 0, 33, "ssh-ed25519"}, /* ED25519 */ {1, 1, "ssh-ed25519", 0, 33, "ssh-ed25519"}, /* ED25519 */
#ifdef HAVE_DSA
{0, 0, "", 0, 0, ""}, /* DSS CERT */
#else
{0, 0, "", 0, 0, ""}, /* DSS CERT */
#endif
{0, 0, "", 0, 0, ""}, /* RSA CERT */
{1, 1, "ecdsa-sha2-nistp256", 0, 64, "ecdsa-sha2-nistp256"}, /* ECDSA P256 */
{1, 1, "ecdsa-sha2-nistp384", 0, 64, "ecdsa-sha2-nistp384"}, /* ECDSA P384 */
{1, 1, "ecdsa-sha2-nistp521", 0, 64, "ecdsa-sha2-nistp521"}, /* ECDSA P521 */
}; };
/* Maps to enum ssh_digest_e */ /* Maps to enum ssh_digest_e */

40
tests/unittests/torture_pki_dsa.c
View File

@@ -49,13 +49,13 @@ static int setup_dsa_key(void **state)
printf("Changed directory to: %s\n", tmp_dir); printf("Changed directory to: %s\n", tmp_dir);
torture_write_file(LIBSSH_DSA_TESTKEY, torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_get_testkey(SSH_KEYTYPE_DSS, 0));
torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1)); torture_get_testkey(SSH_KEYTYPE_DSS, 1));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub", torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); torture_get_testkey_pub(SSH_KEYTYPE_DSS));
torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub", torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0)); torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01));
return 0; return 0;
} }
@@ -85,13 +85,13 @@ static int setup_openssh_dsa_key(void **state)
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
torture_write_file(LIBSSH_DSA_TESTKEY, torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0));
torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1)); torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 1));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub", torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); torture_get_testkey_pub(SSH_KEYTYPE_DSS));
torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub", torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0)); torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01));
return 0; return 0;
} }
@@ -158,7 +158,7 @@ static void torture_pki_dsa_import_privkey_base64(void **state)
(void) state; /* unused */ (void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0),
passphrase, passphrase,
NULL, NULL,
NULL, NULL,
@@ -258,7 +258,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
(void) state; /* unused */ (void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
passphrase, passphrase,
NULL, NULL,
NULL, NULL,
@@ -272,7 +272,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
SSH_KEY_FREE(key); SSH_KEY_FREE(key);
/* test if it returns -1 if passphrase is wrong */ /* test if it returns -1 if passphrase is wrong */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
"wrong passphrase !!", "wrong passphrase !!",
NULL, NULL,
NULL, NULL,
@@ -283,7 +283,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
/* test if it returns -1 if passphrase is NULL */ /* test if it returns -1 if passphrase is NULL */
/* libcrypto asks for a passphrase, so skip this test */ /* libcrypto asks for a passphrase, so skip this test */
#ifndef HAVE_LIBCRYPTO #ifndef HAVE_LIBCRYPTO
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
NULL, NULL,
NULL, NULL,
NULL, NULL,
@@ -292,7 +292,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
assert_null(key); assert_null(key);
#endif #endif
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
passphrase, passphrase,
NULL, NULL,
NULL, NULL,
@@ -306,7 +306,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
SSH_KEY_FREE(key); SSH_KEY_FREE(key);
/* test if it returns -1 if passphrase is wrong */ /* test if it returns -1 if passphrase is wrong */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
"wrong passphrase !!", "wrong passphrase !!",
NULL, NULL,
NULL, NULL,
@@ -320,7 +320,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
#ifndef HAVE_LIBCRYPTO #ifndef HAVE_LIBCRYPTO
/* test if it returns -1 if passphrase is NULL */ /* test if it returns -1 if passphrase is NULL */
/* libcrypto asks for a passphrase, so skip this test */ /* libcrypto asks for a passphrase, so skip this test */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
NULL, NULL,
NULL, NULL,
NULL, NULL,
@@ -343,7 +343,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
(void) state; /* unused */ (void) state; /* unused */
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1); keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 1);
assert_non_null(keystring); assert_non_null(keystring);
rc = ssh_pki_import_privkey_base64(keystring, rc = ssh_pki_import_privkey_base64(keystring,
@@ -424,7 +424,7 @@ static void torture_pki_dsa_publickey_from_privatekey(void **state)
(void) state; /* unused */ (void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0),
passphrase, passphrase,
NULL, NULL,
NULL, NULL,
@@ -476,7 +476,7 @@ static void torture_pki_dsa_publickey_base64(void **state)
(void) state; /* unused */ (void) state; /* unused */
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_DSS));
assert_non_null(key_buf); assert_non_null(key_buf);
keylen = strlen(key_buf); keylen = strlen(key_buf);
@@ -550,8 +550,8 @@ static void torture_pki_dsa_generate_pubkey_from_privkey(void **state)
sizeof(pubkey_generated)); sizeof(pubkey_generated));
assert_true(rc == 0); assert_true(rc == 0);
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_DSS));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0), assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_DSS),
pubkey_generated, pubkey_generated,
len); len);

114
tests/unittests/torture_pki_ecdsa.c
View File

@@ -19,6 +19,7 @@ const unsigned char ECDSA_HASH[] = "12345678901234567890";
struct pki_st { struct pki_st {
char *cwd; char *cwd;
char *temp_dir; char *temp_dir;
enum ssh_keytypes_e type;
}; };
static int setup_ecdsa_key(void **state, int ecdsa_bits) static int setup_ecdsa_key(void **state, int ecdsa_bits)
@@ -47,12 +48,24 @@ static int setup_ecdsa_key(void **state, int ecdsa_bits)
printf("Changed directory to: %s\n", tmp_dir); printf("Changed directory to: %s\n", tmp_dir);
switch (ecdsa_bits) {
case 521:
test_state->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 384:
test_state->type = SSH_KEYTYPE_ECDSA_P384;
break;
default:
test_state->type = SSH_KEYTYPE_ECDSA_P256;
break;
}
torture_write_file(LIBSSH_ECDSA_TESTKEY, torture_write_file(LIBSSH_ECDSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0)); torture_get_testkey(test_state->type, 0));
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1)); torture_get_testkey(test_state->type, 1));
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub", torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits)); torture_get_testkey_pub(test_state->type));
return 0; return 0;
} }
@@ -84,15 +97,25 @@ static int setup_openssh_ecdsa_key(void **state, int ecdsa_bits)
printf("Changed directory to: %s\n", tmp_dir); printf("Changed directory to: %s\n", tmp_dir);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0); switch (ecdsa_bits) {
torture_write_file(LIBSSH_ECDSA_TESTKEY, case 521:
keystring); test_state->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 384:
test_state->type = SSH_KEYTYPE_ECDSA_P384;
break;
default:
test_state->type = SSH_KEYTYPE_ECDSA_P256;
break;
}
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1); keystring = torture_get_openssh_testkey(test_state->type, 0);
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, torture_write_file(LIBSSH_ECDSA_TESTKEY, keystring);
keystring);
keystring = torture_get_openssh_testkey(test_state->type, 1);
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, keystring);
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub", torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits)); torture_get_testkey_pub(test_state->type));
return 0; return 0;
} }
@@ -249,8 +272,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
const char *q = NULL; const char *q = NULL;
ssh_key key = NULL; ssh_key key = NULL;
int rc; int rc;
struct pki_st *test_state = *((struct pki_st **)state);
(void) state; /* unused */
key_buf = torture_pki_read_file(LIBSSH_ECDSA_TESTKEY ".pub"); key_buf = torture_pki_read_file(LIBSSH_ECDSA_TESTKEY ".pub");
assert_non_null(key_buf); assert_non_null(key_buf);
@@ -262,7 +284,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
} }
type = ssh_key_type_from_name(q); type = ssh_key_type_from_name(q);
assert_true(type == SSH_KEYTYPE_ECDSA); assert_true(type == test_state->type);
q = ++p; q = ++p;
while (p != NULL && *p != '\0' && *p != ' ') p++; while (p != NULL && *p != '\0' && *p != ' ') p++;
@@ -427,6 +449,24 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_session session=ssh_new(); ssh_session session=ssh_new();
(void) state; (void) state;
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
etype_char = ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key); rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
assert_true(rc == SSH_OK); assert_true(rc == SSH_OK);
assert_non_null(key); assert_non_null(key);
@@ -435,15 +475,33 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK); assert_true(rc == SSH_OK);
type = ssh_key_type(key); type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA); assert_true(type == SSH_KEYTYPE_ECDSA_P256);
type_char = ssh_key_type_to_char(type); type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0); assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
etype_char = ssh_pki_key_ecdsa_name(key); etype_char = ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0); assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
ssh_signature_free(sign); ssh_signature_free(sign);
SSH_KEY_FREE(key); SSH_KEY_FREE(key);
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key); rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
assert_true(rc == SSH_OK); assert_true(rc == SSH_OK);
assert_non_null(key); assert_non_null(key);
@@ -452,15 +510,33 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK); assert_true(rc == SSH_OK);
type = ssh_key_type(key); type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA); assert_true(type == SSH_KEYTYPE_ECDSA_P384);
type_char = ssh_key_type_to_char(type); type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0); assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
etype_char =ssh_pki_key_ecdsa_name(key); etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0); assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
ssh_signature_free(sign); ssh_signature_free(sign);
SSH_KEY_FREE(key); SSH_KEY_FREE(key);
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key); rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
assert_true(rc == SSH_OK); assert_true(rc == SSH_OK);
assert_non_null(key); assert_non_null(key);
@@ -469,9 +545,9 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK); assert_true(rc == SSH_OK);
type = ssh_key_type(key); type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA); assert_true(type == SSH_KEYTYPE_ECDSA_P521);
type_char = ssh_key_type_to_char(type); type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0); assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
etype_char =ssh_pki_key_ecdsa_name(key); etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0); assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);

27
tests/unittests/torture_pki_ed25519.c
View File

@@ -52,13 +52,13 @@ static int setup_ed25519_key(void **state)
printf("Changed directory to: %s\n", tmp_dir); printf("Changed directory to: %s\n", tmp_dir);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0); keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0);
torture_write_file(LIBSSH_ED25519_TESTKEY, keystring); torture_write_file(LIBSSH_ED25519_TESTKEY, keystring);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 1); keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 1);
torture_write_file(LIBSSH_ED25519_TESTKEY_PASSPHRASE, keystring); torture_write_file(LIBSSH_ED25519_TESTKEY_PASSPHRASE, keystring);
torture_write_file(LIBSSH_ED25519_TESTKEY ".pub", torture_write_file(LIBSSH_ED25519_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ED25519,0)); torture_get_testkey_pub(SSH_KEYTYPE_ED25519));
return 0; return 0;
} }
@@ -158,7 +158,6 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state)
(void) state; /* unused */ (void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, rc = ssh_pki_import_privkey_base64(torture_get_openssh_testkey(SSH_KEYTYPE_ED25519,
0,
false), false),
passphrase, passphrase,
NULL, NULL,
@@ -210,7 +209,7 @@ static void torture_pki_ed25519_publickey_from_privatekey(void **state)
(void) state; /* unused */ (void) state; /* unused */
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0); keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0);
rc = ssh_pki_import_privkey_base64(keystring, rc = ssh_pki_import_privkey_base64(keystring,
passphrase, passphrase,
NULL, NULL,
@@ -240,7 +239,7 @@ static void torture_pki_ed25519_publickey_base64(void **state)
(void) state; /* unused */ (void) state; /* unused */
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0)); key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_ED25519));
assert_non_null(key_buf); assert_non_null(key_buf);
q = p = key_buf; q = p = key_buf;
@@ -305,8 +304,8 @@ static void torture_pki_ed25519_generate_pubkey_from_privkey(void **state)
sizeof(pubkey_generated)); sizeof(pubkey_generated));
assert_true(rc == 0); assert_true(rc == 0);
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0)); len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_ED25519));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0), assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_ED25519),
pubkey_generated, pubkey_generated,
len); len);
@@ -469,7 +468,7 @@ static void torture_pki_ed25519_sign(void **state)
sig = ssh_signature_new(); sig = ssh_signature_new();
assert_non_null(sig); assert_non_null(sig);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0); keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0);
rc = ssh_pki_import_privkey_base64(keystring, rc = ssh_pki_import_privkey_base64(keystring,
NULL, NULL,
NULL, NULL,
@@ -498,7 +497,7 @@ static void torture_pki_ed25519_verify(void **state){
ssh_key pubkey = NULL; ssh_key pubkey = NULL;
ssh_signature sig = NULL; ssh_signature sig = NULL;
ssh_string blob = ssh_string_new(ED25519_SIG_LEN); ssh_string blob = ssh_string_new(ED25519_SIG_LEN);
char *pkey_ptr = strdup(strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519,0), ' ') + 1); char *pkey_ptr = strdup(strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519), ' ') + 1);
char *ptr = NULL; char *ptr = NULL;
int rc; int rc;
(void) state; (void) state;
@@ -531,7 +530,7 @@ static void torture_pki_ed25519_verify_bad(void **state){
ssh_key pubkey = NULL; ssh_key pubkey = NULL;
ssh_signature sig = NULL; ssh_signature sig = NULL;
ssh_string blob = ssh_string_new(ED25519_SIG_LEN); ssh_string blob = ssh_string_new(ED25519_SIG_LEN);
char *pkey_ptr = strdup(strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519,0), ' ') + 1); char *pkey_ptr = strdup(strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519), ' ') + 1);
char *ptr = NULL; char *ptr = NULL;
int rc; int rc;
int i; int i;
@@ -574,7 +573,7 @@ static void torture_pki_ed25519_import_privkey_base64_passphrase(void **state)
(void) state; /* unused */ (void) state; /* unused */
/* same for ED25519 */ /* same for ED25519 */
testkey = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 1); testkey = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 1);
rc = ssh_pki_import_privkey_base64(testkey, rc = ssh_pki_import_privkey_base64(testkey,
passphrase, passphrase,
NULL, NULL,
@@ -608,7 +607,7 @@ static void torture_pki_ed25519_privkey_dup(void **state)
(void) state; /* unused */ (void) state; /* unused */
testkey = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 1); testkey = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 1);
rc = ssh_pki_import_privkey_base64(testkey, rc = ssh_pki_import_privkey_base64(testkey,
passphrase, passphrase,
NULL, NULL,
@@ -631,7 +630,7 @@ static void torture_pki_ed25519_pubkey_dup(void **state)
{ {
ssh_key pubkey = NULL; ssh_key pubkey = NULL;
ssh_key dup = NULL; ssh_key dup = NULL;
const char *p = strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0), ' '); const char *p = strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519), ' ');
char *pub_str = NULL; char *pub_str = NULL;
char *q = NULL; char *q = NULL;
int rc; int rc;

36
tests/unittests/torture_pki_rsa.c
View File

@@ -52,13 +52,13 @@ static int setup_rsa_key(void **state)
printf("Changed directory to: %s\n", tmp_dir); printf("Changed directory to: %s\n", tmp_dir);
torture_write_file(LIBSSH_RSA_TESTKEY, torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE, torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1)); torture_get_testkey(SSH_KEYTYPE_RSA, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA));
torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01));
return 0; return 0;
} }
@@ -88,13 +88,13 @@ static int setup_openssh_rsa_key(void **state)
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
torture_write_file(LIBSSH_RSA_TESTKEY, torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE, torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1)); torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA));
torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01));
return 0; return 0;
} }
@@ -161,7 +161,7 @@ static void torture_pki_rsa_import_privkey_base64_NULL_key(void **state)
(void) state; /* unused */ (void) state; /* unused */
/* test if it returns -1 if key is NULL */ /* test if it returns -1 if key is NULL */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0),
passphrase, passphrase,
NULL, NULL,
NULL, NULL,
@@ -224,7 +224,7 @@ static void torture_pki_rsa_publickey_from_privatekey(void **state)
(void) state; /* unused */ (void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0),
passphrase, passphrase,
NULL, NULL,
NULL, NULL,
@@ -266,7 +266,7 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
assert_true(rc == SSH_OK); assert_true(rc == SSH_OK);
assert_non_null(pubkey); assert_non_null(pubkey);
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0),
passphrase, passphrase,
NULL, NULL,
NULL, NULL,
@@ -333,7 +333,7 @@ static void torture_pki_rsa_publickey_base64(void **state)
(void) state; /* unused */ (void) state; /* unused */
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
assert_non_null(key_buf); assert_non_null(key_buf);
q = p = key_buf; q = p = key_buf;
@@ -398,8 +398,8 @@ static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) {
sizeof(pubkey_generated)); sizeof(pubkey_generated));
assert_true(rc == 0); assert_true(rc == 0);
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0), assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA),
pubkey_generated, pubkey_generated,
len); len);
@@ -641,7 +641,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
(void) state; /* unused */ (void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 1),
passphrase, passphrase,
NULL, NULL,
NULL, NULL,
@@ -655,7 +655,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
SSH_KEY_FREE(key); SSH_KEY_FREE(key);
/* test if it returns -1 if passphrase is wrong */ /* test if it returns -1 if passphrase is wrong */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 1),
"wrong passphrase !!", "wrong passphrase !!",
NULL, NULL,
NULL, NULL,
@@ -666,7 +666,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
#ifndef HAVE_LIBCRYPTO #ifndef HAVE_LIBCRYPTO
/* test if it returns -1 if passphrase is NULL */ /* test if it returns -1 if passphrase is NULL */
/* libcrypto asks for a passphrase, so skip this test */ /* libcrypto asks for a passphrase, so skip this test */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1), rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 1),
NULL, NULL,
NULL, NULL,
NULL, NULL,
@@ -686,7 +686,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state)
(void) state; /* unused */ (void) state; /* unused */
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1); keystring = torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 1);
assert_non_null(keystring); assert_non_null(keystring);
rc = ssh_pki_import_privkey_base64(keystring, rc = ssh_pki_import_privkey_base64(keystring,

4
tests/unittests/torture_server_x11.c
View File

@@ -40,8 +40,8 @@ static int setup(void **state) {
assert_return_code(h->fd, errno); assert_return_code(h->fd, errno);
close(h->fd); close(h->fd);
h->key_type = SSH_KEYTYPE_ECDSA; h->key_type = SSH_KEYTYPE_ECDSA_P256;
h->hostkey = torture_get_testkey(h->key_type, 0, 0); h->hostkey = torture_get_testkey(h->key_type, 0);
torture_write_file(h->hostkey_path, h->hostkey); torture_write_file(h->hostkey_path, h->hostkey);

18
tests/unittests/torture_threads_pki_rsa.c
View File

@@ -98,13 +98,13 @@ static int setup_rsa_key(void **state)
printf("Changed directory to: %s\n", tmp_dir); printf("Changed directory to: %s\n", tmp_dir);
torture_write_file(LIBSSH_RSA_TESTKEY, torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0)); torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE, torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1)); torture_get_testkey(SSH_KEYTYPE_RSA, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA));
torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub", torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0)); torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01));
return 0; return 0;
} }
@@ -201,7 +201,7 @@ static void *thread_pki_rsa_import_privkey_base64_NULL_key(void *threadid)
(void) threadid; /* unused */ (void) threadid; /* unused */
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0); testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
assert_non_null(testkey); assert_non_null(testkey);
/* test if it returns -1 if key is NULL */ /* test if it returns -1 if key is NULL */
@@ -306,7 +306,7 @@ static void *thread_pki_rsa_publickey_from_privatekey(void *threadid)
(void) threadid; /* unused */ (void) threadid; /* unused */
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0); testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
rc = ssh_pki_import_privkey_base64(testkey, rc = ssh_pki_import_privkey_base64(testkey,
passphrase, passphrase,
NULL, NULL,
@@ -362,7 +362,7 @@ static void *thread_pki_rsa_copy_cert_to_privkey(void *threadid)
assert_true(rc == SSH_OK); assert_true(rc == SSH_OK);
assert_non_null(pubkey); assert_non_null(pubkey);
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0); testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
assert_non_null(testkey); assert_non_null(testkey);
rc = ssh_pki_import_privkey_base64(testkey, rc = ssh_pki_import_privkey_base64(testkey,
@@ -454,7 +454,7 @@ static void *thread_pki_rsa_publickey_base64(void *threadid)
(void) threadid; /* unused */ (void) threadid; /* unused */
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
assert_non_null(key_buf); assert_non_null(key_buf);
q = p = key_buf; q = p = key_buf;
@@ -636,7 +636,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid)
(void) threadid; /* unused */ (void) threadid; /* unused */
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1); testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 1);
assert_non_null(testkey); assert_non_null(testkey);
rc = ssh_pki_import_privkey_base64(testkey, rc = ssh_pki_import_privkey_base64(testkey,