author | djm@openbsd.org <djm@openbsd.org> | 2015-12-07 02:20:46 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-12-07 13:21:30 +1100 |
commit | da98c11d03d819a15429d8fff9688acd7505439f (patch) | |
tree | a89a3bd13a6f81a90d92acb192a882ff234deb78 /regress/unittests | |
parent | 3da893fdec9936dd2c23739cdb3c0c9d4c59fca0 (diff) |
upstream commit
basic unit tests for rsa-sha2-* signature types
Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c
Diffstat (limited to 'regress/unittests')
-rw-r--r-- | regress/unittests/sshkey/test_fuzz.c | 30 | ||||
-rw-r--r-- | regress/unittests/sshkey/test_sshkey.c | 44 |
2 files changed, 55 insertions, 19 deletions
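--- a/regress/unittests/sshkey/test_fuzz.c
+++ b/regress/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_fuzz.c,v 1.5 2015/10/06 01:20:59 djm Exp $ */
+/* $OpenBSD: test_fuzz.c,v 1.6 2015/12/07 02:20:46 djm Exp $ */
 /*
 * Fuzz tests for key parsing
 *
@@ -72,13 +72,13 @@ public_fuzz(struct sshkey *k)
 }
 
 static void
-sig_fuzz(struct sshkey *k)
+sig_fuzz(struct sshkey *k, const char *sig_alg)
 {
 struct fuzz *fuzz;
 u_char *sig, c[] = "some junk to be signed";
 size_t l;
 
-ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), 0), 0);
+ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0);
 ASSERT_SIZE_T_GT(l, 0);
 fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */
 FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
@@ -352,7 +352,23 @@ sshkey_fuzz_tests(void)
 buf = load_file("rsa_1");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
-sig_fuzz(k1);
+sig_fuzz(k1, "ssh-rsa");
+sshkey_free(k1);
+TEST_DONE();
+
+TEST_START("fuzz RSA SHA256 sig");
+buf = load_file("rsa_1");
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
+sshbuf_free(buf);
+sig_fuzz(k1, "rsa-sha2-256");
+sshkey_free(k1);
+TEST_DONE();
+
+TEST_START("fuzz RSA SHA512 sig");
+buf = load_file("rsa_1");
+ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
+sshbuf_free(buf);
+sig_fuzz(k1, "rsa-sha2-512");
 sshkey_free(k1);
 TEST_DONE();
 
@@ -360,7 +376,7 @@ sshkey_fuzz_tests(void)
 buf = load_file("dsa_1");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
-sig_fuzz(k1);
+sig_fuzz(k1, NULL);
 sshkey_free(k1);
 TEST_DONE();
 
@@ -369,7 +385,7 @@ sshkey_fuzz_tests(void)
 buf = load_file("ecdsa_1");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
-sig_fuzz(k1);
+sig_fuzz(k1, NULL);
 sshkey_free(k1);
 TEST_DONE();
 #endif
@@ -378,7 +394,7 @@ sshkey_fuzz_tests(void)
 buf = load_file("ed25519_1");
 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
 sshbuf_free(buf);
-sig_fuzz(k1);
+sig_fuzz(k1, NULL);
 sshkey_free(k1);
 TEST_DONE();
 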
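Review bot: The new `sig_alg` parameter of `sig_fuzz` has no comment saying what NULL means. The first RSA case passes `"ssh-rsa"` explicitly while the DSA, ECDSA and Ed25519 cases pass NULL, which reads as "use the key type's default" but is not stated in the visible lines. A one-line comment above the function would settle it, for example `/* sig_alg: algorithm name handed to sshkey_sign(); NULL leaves the choice to the key type */`, worded to match whatever `sshkey_sign()` actually documents. The body of `sig_fuzz` continues past the end of its hunk, so whether the fuzz loop's verify step depends on the algorithm cannot be judged from here.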
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 442e67344..1f160d1a7 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: test_sshkey.c,v 1.8 2015/10/06 01:20:59 djm Exp $ */ | 1 | /* $OpenBSD: test_sshkey.c,v 1.9 2015/12/07 02:20:46 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Regress test for sshkey.h key management API | 3 | * Regress test for sshkey.h key management API |
4 | * | 4 | * |
@@ -52,7 +52,8 @@ put_opt(struct sshbuf *b, const char *name, const char *value) | |||
52 | 52 | ||
53 | static void | 53 | static void |
54 | build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | 54 | build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, |
55 | const struct sshkey *sign_key, const struct sshkey *ca_key) | 55 | const struct sshkey *sign_key, const struct sshkey *ca_key, |
56 | const char *sig_alg) | ||
56 | { | 57 | { |
57 | struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts; | 58 | struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts; |
58 | u_char *sigblob; | 59 | u_char *sigblob; |
@@ -99,7 +100,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | |||
99 | ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ | 100 | ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ |
100 | ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ | 101 | ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ |
101 | ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, | 102 | ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, |
102 | sshbuf_ptr(b), sshbuf_len(b), 0), 0); | 103 | sshbuf_ptr(b), sshbuf_len(b), sig_alg, 0), 0); |
103 | ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ | 104 | ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ |
104 | 105 | ||
105 | free(sigblob); | 106 | free(sigblob); |
@@ -111,12 +112,13 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | |||
111 | } | 112 | } |
112 | 113 | ||
113 | static void | 114 | static void |
114 | signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l) | 115 | signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg, |
116 | const u_char *d, size_t l) | ||
115 | { | 117 | { |
116 | size_t len; | 118 | size_t len; |
117 | u_char *sig; | 119 | u_char *sig; |
118 | 120 | ||
119 | ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, 0), 0); | 121 | ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0); |
120 | ASSERT_SIZE_T_GT(len, 8); | 122 | ASSERT_SIZE_T_GT(len, 8); |
121 | ASSERT_PTR_NE(sig, NULL); | 123 | ASSERT_PTR_NE(sig, NULL); |
122 | ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); | 124 | ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); |
@@ -143,7 +145,7 @@ banana(u_char *s, size_t l) | |||
143 | } | 145 | } |
144 | 146 | ||
145 | static void | 147 | static void |
146 | signature_tests(struct sshkey *k, struct sshkey *bad) | 148 | signature_tests(struct sshkey *k, struct sshkey *bad, const char *sig_alg) |
147 | { | 149 | { |
148 | u_char i, buf[2049]; | 150 | u_char i, buf[2049]; |
149 | size_t lens[] = { | 151 | size_t lens[] = { |
@@ -155,7 +157,7 @@ signature_tests(struct sshkey *k, struct sshkey *bad) | |||
155 | test_subtest_info("%s key, banana length %zu", | 157 | test_subtest_info("%s key, banana length %zu", |
156 | sshkey_type(k), lens[i]); | 158 | sshkey_type(k), lens[i]); |
157 | banana(buf, lens[i]); | 159 | banana(buf, lens[i]); |
158 | signature_test(k, bad, buf, lens[i]); | 160 | signature_test(k, bad, sig_alg, buf, lens[i]); |
159 | } | 161 | } |
160 | } | 162 | } |
161 | 163 | ||
@@ -469,7 +471,25 @@ sshkey_tests(void) | |||
469 | k1 = get_private("rsa_1"); | 471 | k1 = get_private("rsa_1"); |
470 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | 472 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, |
471 | NULL), 0); | 473 | NULL), 0); |
472 | signature_tests(k1, k2); | 474 | signature_tests(k1, k2, "ssh-rsa"); |
475 | sshkey_free(k1); | ||
476 | sshkey_free(k2); | ||
477 | TEST_DONE(); | ||
478 | |||
479 | TEST_START("sign and verify RSA-SHA256"); | ||
480 | k1 = get_private("rsa_1"); | ||
481 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | ||
482 | NULL), 0); | ||
483 | signature_tests(k1, k2, "rsa-sha2-256"); | ||
484 | sshkey_free(k1); | ||
485 | sshkey_free(k2); | ||
486 | TEST_DONE(); | ||
487 | |||
488 | TEST_START("sign and verify RSA-SHA512"); | ||
489 | k1 = get_private("rsa_1"); | ||
490 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | ||
491 | NULL), 0); | ||
492 | signature_tests(k1, k2, "rsa-sha2-512"); | ||
473 | sshkey_free(k1); | 493 | sshkey_free(k1); |
474 | sshkey_free(k2); | 494 | sshkey_free(k2); |
475 | TEST_DONE(); | 495 | TEST_DONE(); |
@@ -478,7 +498,7 @@ sshkey_tests(void) | |||
478 | k1 = get_private("dsa_1"); | 498 | k1 = get_private("dsa_1"); |
479 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, | 499 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, |
480 | NULL), 0); | 500 | NULL), 0); |
481 | signature_tests(k1, k2); | 501 | signature_tests(k1, k2, NULL); |
482 | sshkey_free(k1); | 502 | sshkey_free(k1); |
483 | sshkey_free(k2); | 503 | sshkey_free(k2); |
484 | TEST_DONE(); | 504 | TEST_DONE(); |
@@ -488,7 +508,7 @@ sshkey_tests(void) | |||
488 | k1 = get_private("ecdsa_1"); | 508 | k1 = get_private("ecdsa_1"); |
489 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2, | 509 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2, |
490 | NULL), 0); | 510 | NULL), 0); |
491 | signature_tests(k1, k2); | 511 | signature_tests(k1, k2, NULL); |
492 | sshkey_free(k1); | 512 | sshkey_free(k1); |
493 | sshkey_free(k2); | 513 | sshkey_free(k2); |
494 | TEST_DONE(); | 514 | TEST_DONE(); |
@@ -498,7 +518,7 @@ sshkey_tests(void) | |||
498 | k1 = get_private("ed25519_1"); | 518 | k1 = get_private("ed25519_1"); |
499 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2, | 519 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2, |
500 | NULL), 0); | 520 | NULL), 0); |
501 | signature_tests(k1, k2); | 521 | signature_tests(k1, k2, NULL); |
502 | sshkey_free(k1); | 522 | sshkey_free(k1); |
503 | sshkey_free(k2); | 523 | sshkey_free(k2); |
504 | TEST_DONE(); | 524 | TEST_DONE(); |
@@ -508,7 +528,7 @@ sshkey_tests(void) | |||
508 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, | 528 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, |
509 | NULL), 0); | 529 | NULL), 0); |
510 | k3 = get_private("rsa_1"); | 530 | k3 = get_private("rsa_1"); |
511 | build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1); | 531 | build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL); |
512 | ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4), | 532 | ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4), |
513 | SSH_ERR_KEY_CERT_INVALID_SIGN_KEY); | 533 | SSH_ERR_KEY_CERT_INVALID_SIGN_KEY); |
514 | ASSERT_PTR_EQ(k4, NULL); | 534 | ASSERT_PTR_EQ(k4, NULL); |