diff options
Diffstat (limited to 'regress/unittests/sshkey/test_sshkey.c')
-rw-r--r-- | regress/unittests/sshkey/test_sshkey.c | 46 |
1 files changed, 33 insertions, 13 deletions
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index 9b3ce7ee4..1f160d1a7 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: test_sshkey.c,v 1.7 2015/08/05 05:27:33 djm Exp $ */ | 1 | /* $OpenBSD: test_sshkey.c,v 1.9 2015/12/07 02:20:46 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Regress test for sshkey.h key management API | 3 | * Regress test for sshkey.h key management API |
4 | * | 4 | * |
@@ -52,7 +52,8 @@ put_opt(struct sshbuf *b, const char *name, const char *value) | |||
52 | 52 | ||
53 | static void | 53 | static void |
54 | build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | 54 | build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, |
55 | const struct sshkey *sign_key, const struct sshkey *ca_key) | 55 | const struct sshkey *sign_key, const struct sshkey *ca_key, |
56 | const char *sig_alg) | ||
56 | { | 57 | { |
57 | struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts; | 58 | struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts; |
58 | u_char *sigblob; | 59 | u_char *sigblob; |
@@ -99,7 +100,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | |||
99 | ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ | 100 | ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ |
100 | ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ | 101 | ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ |
101 | ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, | 102 | ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, |
102 | sshbuf_ptr(b), sshbuf_len(b), 0), 0); | 103 | sshbuf_ptr(b), sshbuf_len(b), sig_alg, 0), 0); |
103 | ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ | 104 | ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ |
104 | 105 | ||
105 | free(sigblob); | 106 | free(sigblob); |
@@ -111,12 +112,13 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, | |||
111 | } | 112 | } |
112 | 113 | ||
113 | static void | 114 | static void |
114 | signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l) | 115 | signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg, |
116 | const u_char *d, size_t l) | ||
115 | { | 117 | { |
116 | size_t len; | 118 | size_t len; |
117 | u_char *sig; | 119 | u_char *sig; |
118 | 120 | ||
119 | ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, 0), 0); | 121 | ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0); |
120 | ASSERT_SIZE_T_GT(len, 8); | 122 | ASSERT_SIZE_T_GT(len, 8); |
121 | ASSERT_PTR_NE(sig, NULL); | 123 | ASSERT_PTR_NE(sig, NULL); |
122 | ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); | 124 | ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); |
@@ -143,7 +145,7 @@ banana(u_char *s, size_t l) | |||
143 | } | 145 | } |
144 | 146 | ||
145 | static void | 147 | static void |
146 | signature_tests(struct sshkey *k, struct sshkey *bad) | 148 | signature_tests(struct sshkey *k, struct sshkey *bad, const char *sig_alg) |
147 | { | 149 | { |
148 | u_char i, buf[2049]; | 150 | u_char i, buf[2049]; |
149 | size_t lens[] = { | 151 | size_t lens[] = { |
@@ -155,7 +157,7 @@ signature_tests(struct sshkey *k, struct sshkey *bad) | |||
155 | test_subtest_info("%s key, banana length %zu", | 157 | test_subtest_info("%s key, banana length %zu", |
156 | sshkey_type(k), lens[i]); | 158 | sshkey_type(k), lens[i]); |
157 | banana(buf, lens[i]); | 159 | banana(buf, lens[i]); |
158 | signature_test(k, bad, buf, lens[i]); | 160 | signature_test(k, bad, sig_alg, buf, lens[i]); |
159 | } | 161 | } |
160 | } | 162 | } |
161 | 163 | ||
@@ -166,7 +168,7 @@ get_private(const char *n) | |||
166 | struct sshkey *ret; | 168 | struct sshkey *ret; |
167 | 169 | ||
168 | b = load_file(n); | 170 | b = load_file(n); |
169 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", n, &ret, NULL), 0); | 171 | ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", &ret, NULL), 0); |
170 | sshbuf_free(b); | 172 | sshbuf_free(b); |
171 | return ret; | 173 | return ret; |
172 | } | 174 | } |
@@ -469,7 +471,25 @@ sshkey_tests(void) | |||
469 | k1 = get_private("rsa_1"); | 471 | k1 = get_private("rsa_1"); |
470 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | 472 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, |
471 | NULL), 0); | 473 | NULL), 0); |
472 | signature_tests(k1, k2); | 474 | signature_tests(k1, k2, "ssh-rsa"); |
475 | sshkey_free(k1); | ||
476 | sshkey_free(k2); | ||
477 | TEST_DONE(); | ||
478 | |||
479 | TEST_START("sign and verify RSA-SHA256"); | ||
480 | k1 = get_private("rsa_1"); | ||
481 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | ||
482 | NULL), 0); | ||
483 | signature_tests(k1, k2, "rsa-sha2-256"); | ||
484 | sshkey_free(k1); | ||
485 | sshkey_free(k2); | ||
486 | TEST_DONE(); | ||
487 | |||
488 | TEST_START("sign and verify RSA-SHA512"); | ||
489 | k1 = get_private("rsa_1"); | ||
490 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, | ||
491 | NULL), 0); | ||
492 | signature_tests(k1, k2, "rsa-sha2-512"); | ||
473 | sshkey_free(k1); | 493 | sshkey_free(k1); |
474 | sshkey_free(k2); | 494 | sshkey_free(k2); |
475 | TEST_DONE(); | 495 | TEST_DONE(); |
@@ -478,7 +498,7 @@ sshkey_tests(void) | |||
478 | k1 = get_private("dsa_1"); | 498 | k1 = get_private("dsa_1"); |
479 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, | 499 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, |
480 | NULL), 0); | 500 | NULL), 0); |
481 | signature_tests(k1, k2); | 501 | signature_tests(k1, k2, NULL); |
482 | sshkey_free(k1); | 502 | sshkey_free(k1); |
483 | sshkey_free(k2); | 503 | sshkey_free(k2); |
484 | TEST_DONE(); | 504 | TEST_DONE(); |
@@ -488,7 +508,7 @@ sshkey_tests(void) | |||
488 | k1 = get_private("ecdsa_1"); | 508 | k1 = get_private("ecdsa_1"); |
489 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2, | 509 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2, |
490 | NULL), 0); | 510 | NULL), 0); |
491 | signature_tests(k1, k2); | 511 | signature_tests(k1, k2, NULL); |
492 | sshkey_free(k1); | 512 | sshkey_free(k1); |
493 | sshkey_free(k2); | 513 | sshkey_free(k2); |
494 | TEST_DONE(); | 514 | TEST_DONE(); |
@@ -498,7 +518,7 @@ sshkey_tests(void) | |||
498 | k1 = get_private("ed25519_1"); | 518 | k1 = get_private("ed25519_1"); |
499 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2, | 519 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2, |
500 | NULL), 0); | 520 | NULL), 0); |
501 | signature_tests(k1, k2); | 521 | signature_tests(k1, k2, NULL); |
502 | sshkey_free(k1); | 522 | sshkey_free(k1); |
503 | sshkey_free(k2); | 523 | sshkey_free(k2); |
504 | TEST_DONE(); | 524 | TEST_DONE(); |
@@ -508,7 +528,7 @@ sshkey_tests(void) | |||
508 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, | 528 | ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, |
509 | NULL), 0); | 529 | NULL), 0); |
510 | k3 = get_private("rsa_1"); | 530 | k3 = get_private("rsa_1"); |
511 | build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1); | 531 | build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL); |
512 | ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4), | 532 | ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4), |
513 | SSH_ERR_KEY_CERT_INVALID_SIGN_KEY); | 533 | SSH_ERR_KEY_CERT_INVALID_SIGN_KEY); |
514 | ASSERT_PTR_EQ(k4, NULL); | 534 | ASSERT_PTR_EQ(k4, NULL); |