Diffstat (limited to 'regress/unittests/sshkey/test_sshkey.c')
-rw-r--r--regress/unittests/sshkey/test_sshkey.c46
1 files changed, 33 insertions, 13 deletions
diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 9b3ce7ee4..1f160d1a7 100644
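--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_sshkey.c,v 1.7 2015/08/05 05:27:33 djm Exp $ */
+/* $OpenBSD: test_sshkey.c,v 1.9 2015/12/07 02:20:46 djm Exp $ */
 /*
  * Regress test for sshkey.h key management API
  *
@@ -52,7 +52,8 @@ put_opt(struct sshbuf *b, const char *name, const char *value)
 
 static void
 build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
- const struct sshkey *sign_key, const struct sshkey *ca_key)
+ const struct sshkey *sign_key, const struct sshkey *ca_key,
+ const char *sig_alg)
 {
  struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts;
  u_char *sigblob;
@@ -99,7 +100,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
  ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */
  ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */
  ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen,
- sshbuf_ptr(b), sshbuf_len(b), 0), 0);
+ sshbuf_ptr(b), sshbuf_len(b), sig_alg, 0), 0);
  ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */
 
  free(sigblob);
@@ -111,12 +112,13 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
 }
 
 static void
-signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l)
+signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg,
+ const u_char *d, size_t l)
 {
  size_t len;
  u_char *sig;
 
- ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, 0), 0);
+ ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0);
  ASSERT_SIZE_T_GT(len, 8);
  ASSERT_PTR_NE(sig, NULL);
  ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0);
@@ -143,7 +145,7 @@ banana(u_char *s, size_t l)
 }
 
 static void
-signature_tests(struct sshkey *k, struct sshkey *bad)
+signature_tests(struct sshkey *k, struct sshkey *bad, const char *sig_alg)
 {
  u_char i, buf[2049];
  size_t lens[] = {
@@ -155,7 +157,7 @@ signature_tests(struct sshkey *k, struct sshkey *bad)
  test_subtest_info("%s key, banana length %zu",
  sshkey_type(k), lens[i]);
  banana(buf, lens[i]);
- signature_test(k, bad, buf, lens[i]);
+ signature_test(k, bad, sig_alg, buf, lens[i]);
  }
 }
 
@@ -166,7 +168,7 @@ get_private(const char *n)
  struct sshkey *ret;
 
  b = load_file(n);
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", n, &ret, NULL), 0);
+ ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", &ret, NULL), 0);
  sshbuf_free(b);
  return ret;
 }
@@ -469,7 +471,25 @@ sshkey_tests(void)
  k1 = get_private("rsa_1");
  ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
  NULL), 0);
- signature_tests(k1, k2);
+ signature_tests(k1, k2, "ssh-rsa");
+ sshkey_free(k1);
+ sshkey_free(k2);
+ TEST_DONE();
+
+ TEST_START("sign and verify RSA-SHA256");
+ k1 = get_private("rsa_1");
+ ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
+ NULL), 0);
+ signature_tests(k1, k2, "rsa-sha2-256");
+ sshkey_free(k1);
+ sshkey_free(k2);
+ TEST_DONE();
+
+ TEST_START("sign and verify RSA-SHA512");
+ k1 = get_private("rsa_1");
+ ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
+ NULL), 0);
+ signature_tests(k1, k2, "rsa-sha2-512");
  sshkey_free(k1);
  sshkey_free(k2);
  TEST_DONE();
@@ -478,7 +498,7 @@ sshkey_tests(void)
  k1 = get_private("dsa_1");
  ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2,
  NULL), 0);
- signature_tests(k1, k2);
+ signature_tests(k1, k2, NULL);
  sshkey_free(k1);
  sshkey_free(k2);
  TEST_DONE();
@@ -488,7 +508,7 @@ sshkey_tests(void)
  k1 = get_private("ecdsa_1");
  ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2,
  NULL), 0);
- signature_tests(k1, k2);
+ signature_tests(k1, k2, NULL);
  sshkey_free(k1);
  sshkey_free(k2);
  TEST_DONE();
@@ -498,7 +518,7 @@ sshkey_tests(void)
  k1 = get_private("ed25519_1");
  ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2,
  NULL), 0);
- signature_tests(k1, k2);
+ signature_tests(k1, k2, NULL);
  sshkey_free(k1);
  sshkey_free(k2);
  TEST_DONE();
@@ -508,7 +528,7 @@ sshkey_tests(void)
  ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
  NULL), 0);
  k3 = get_private("rsa_1");
- build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1);
+ build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL);
  ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4),
  SSH_ERR_KEY_CERT_INVALID_SIGN_KEY);
  ASSERT_PTR_EQ(k4, NULL);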
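Review bot: In `signature_test` (hunk `@@ -111,12 +112,13 @@`) the new `sig_alg` argument is handed to `sshkey_sign()`, but nothing asserts that the returned blob was actually produced with that algorithm. `sshkey_verify()` is still called without one, so the new "rsa-sha2-256" and "rsa-sha2-512" cases would presumably still pass if signing silently fell back to "ssh-rsa". An SSH signature blob starts with the algorithm name as a string, so the test can decode that leading string and compare it with `sig_alg` whenever it is non-NULL, which turns these cases into a guard against a hash downgrade. The function body continues past the end of the hunk; the check below sits directly after the existing `ASSERT_PTR_NE(sig, NULL)`. Separately, the certificate case in the last hunk still passes NULL to `build_cert`, so signing a certificate with an explicit RSA/SHA-2 algorithm is not exercised by this file section.

```c
	ASSERT_PTR_NE(sig, NULL);
	if (sig_alg != NULL) {
		/* The blob leads with the algorithm name; it must match the request. */
		struct sshbuf *sigbuf = sshbuf_from(sig, len);
		char *alg = NULL;

		ASSERT_PTR_NE(sigbuf, NULL);
		ASSERT_INT_EQ(sshbuf_get_cstring(sigbuf, &alg, NULL), 0);
		ASSERT_STRING_EQ(alg, sig_alg);
		free(alg);
		sshbuf_free(sigbuf);
	}
	/* … unchanged: sshkey_verify() checks … */
```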