tests(pki): add security key testing helper functions to torture library

Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2026-02-04 12:20:42 +09:00 · 2025-08-01 00:26:02 +05:30
parent aab6ce364a
commit f9f8c939bc
3 changed files with 138 additions and 0 deletions
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -37,6 +37,7 @@ add_library(${TORTURE_LIBRARY}
                torture.c
                torture_key.c
                torture_pki.c
+                torture_sk.c
                torture_cmocka.c)
 target_link_libraries(${TORTURE_LIBRARY} PRIVATE ${TORTURE_LINK_LIBRARIES})
 target_compile_options(${TORTURE_LIBRARY} PRIVATE
@@ -77,6 +78,7 @@ if (CLIENT_TESTING)
                    torture.c
                    torture_key.c
                    torture_pki.c
+                    torture_sk.c
                    torture_cmocka.c
               )
    target_link_libraries(${TORTURE_SHARED_LIBRARY} PUBLIC
--- a/tests/torture_sk.c
+++ b/tests/torture_sk.c
@@ -0,0 +1,96 @@
+/*
+ * torture_sk.c - torture library for testing security keys
+ *
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2025 Praneeth Sarode <praneethsarode@gmail.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#include "torture_sk.h"
+#include "libssh/pki.h"
+#include "torture.h"
+
+/* Helper function to validate ssh_key structure for security keys */
+void assert_sk_key_valid(ssh_key key,
+                         enum ssh_keytypes_e expected_type,
+                         bool private)
+{
+    char *app_str = NULL;
+    const char *expected_type_str = NULL;
+
+    assert_non_null(key);
+    assert_true(is_sk_key_type(expected_type));
+    assert_int_equal(key->type, expected_type);
+
+    if (private) {
+        assert_int_equal(key->flags,
+                         SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC);
+    } else {
+        assert_int_equal(key->flags, SSH_KEY_FLAG_PUBLIC);
+    }
+
+    expected_type_str = ssh_key_type_to_char(expected_type);
+    assert_non_null(expected_type_str);
+
+    assert_non_null(key->type_c);
+    assert_string_equal(key->type_c, expected_type_str);
+
+    /* Validate security key specific fields */
+    assert_non_null(key->sk_application);
+
+    /* Validate application string format and content */
+    app_str = ssh_string_to_char(key->sk_application);
+    assert_non_null(app_str);
+
+    assert_true(ssh_string_len(key->sk_application) >= 4);
+    assert_true(strncmp(app_str, "ssh:", 4) == 0);
+    ssh_string_free_char(app_str);
+
+    if (private) {
+        assert_non_null(key->sk_key_handle);
+        assert_true(ssh_string_len(key->sk_key_handle) > 0);
+    }
+
+    /* TODO: Check for sk_flags */
+
+    /* Validate underlying cryptographic key exists based on type */
+    switch (expected_type) {
+    case SSH_KEYTYPE_SK_ECDSA:
+#if defined(HAVE_LIBGCRYPT)
+        assert_non_null(key->ecdsa);
+#elif defined(HAVE_LIBMBEDCRYPTO)
+        assert_non_null(key->ecdsa);
+#elif defined(HAVE_LIBCRYPTO)
+        assert_non_null(key->key);
+#endif
+        break;
+
+    case SSH_KEYTYPE_SK_ED25519:
+#if defined(HAVE_LIBCRYPTO)
+        assert_non_null(key->key);
+#elif !defined(HAVE_LIBCRYPTO)
+        assert_non_null(key->ed25519_pubkey);
+#endif
+        break;
+
+    default:
+        /* Should not reach here */
+        assert_true(0);
+        break;
+    }
+}
--- a/tests/torture_sk.h
+++ b/tests/torture_sk.h
@@ -0,0 +1,40 @@
+/*
+ * torture_sk.h - torture library for testing security keys
+ *
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2025 Praneeth Sarode <praneethsarode@gmail.com>
+ *
+ * The SSH Library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The SSH Library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the SSH Library; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA.
+ */
+
+#ifndef _TORTURE_SK_H
+#define _TORTURE_SK_H
+
+#include "config.h"
+
+#define LIBSSH_STATIC
+
+#include <stdbool.h>
+
+#include "torture.h"
+#include "torture_pki.h"
+
+void assert_sk_key_valid(ssh_key key,
+                         enum ssh_keytypes_e expected_type,
+                         bool private);
+
+#endif /* _TORTURE_SK_H */