pki: Remove unused function pki_signature_verify()
This removes unused function pki_signature_verify() from pki_{crypto, mbedcrypto, gcrypt}. The function was also removed from include/libssh/pki_priv.h. The function ssh_pki_signature_verify() was changed to receive a const unsigned char *input. All tests calling pki_signature_verify() were changed to call ssh_pki_signature_verify() instead. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
@ -133,7 +133,7 @@ int ssh_pki_import_signature_blob(const ssh_string sig_blob,
|
|||||||
int ssh_pki_signature_verify(ssh_session session,
|
int ssh_pki_signature_verify(ssh_session session,
|
||||||
ssh_signature sig,
|
ssh_signature sig,
|
||||||
const ssh_key key,
|
const ssh_key key,
|
||||||
unsigned char *digest,
|
const unsigned char *digest,
|
||||||
size_t dlen);
|
size_t dlen);
|
||||||
|
|
||||||
/* SSH Public Key Functions */
|
/* SSH Public Key Functions */
|
||||||
|
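Review bot: The prototype in this header still names the data parameters `digest` and `dlen`, while the definition touched by the same commit takes `const unsigned char *input, size_t input_len`. The backend function removed here passed its `input` to pki_verify_data_signature(), and one of the removed copies says in a comment that the hash is calculated at that point. If ssh_pki_signature_verify() works the same way (its body is outside the visible hunks), the name `digest` invites callers to hash the data first, so the signature would be checked against the wrong bytes. I would rename the prototype to match the definition, `const unsigned char *input,` and `size_t input_len);`, and add a one-line comment above it saying the buffer is the signed data rather than its hash.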
@ -124,11 +124,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
|||||||
const ssh_string sig_blob,
|
const ssh_string sig_blob,
|
||||||
enum ssh_keytypes_e type,
|
enum ssh_keytypes_e type,
|
||||||
enum ssh_digest_e hash_type);
|
enum ssh_digest_e hash_type);
|
||||||
int pki_signature_verify(ssh_session session,
|
|
||||||
const ssh_signature sig,
|
|
||||||
const ssh_key key,
|
|
||||||
const unsigned char *input,
|
|
||||||
size_t input_len);
|
|
||||||
|
|
||||||
/* SSH Signing Functions */
|
/* SSH Signing Functions */
|
||||||
ssh_signature pki_do_sign(const ssh_key privkey,
|
ssh_signature pki_do_sign(const ssh_key privkey,
|
||||||
|
@ -2239,7 +2239,7 @@ int pki_key_check_hash_compatible(ssh_key key,
|
|||||||
int ssh_pki_signature_verify(ssh_session session,
|
int ssh_pki_signature_verify(ssh_session session,
|
||||||
ssh_signature sig,
|
ssh_signature sig,
|
||||||
const ssh_key key,
|
const ssh_key key,
|
||||||
unsigned char *input,
|
const unsigned char *input,
|
||||||
size_t input_len)
|
size_t input_len)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
@ -1856,46 +1856,6 @@ error:
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
int pki_signature_verify(ssh_session session,
|
|
||||||
const ssh_signature sig,
|
|
||||||
const ssh_key key,
|
|
||||||
const unsigned char *input,
|
|
||||||
size_t input_len)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
|
|
||||||
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
|
|
||||||
"pki_signature_verify()");
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ssh_key_type_plain(key->type) != sig->type) {
|
|
||||||
SSH_LOG(SSH_LOG_WARN,
|
|
||||||
"Can not verify %s signature with %s key",
|
|
||||||
sig->type_c,
|
|
||||||
key->type_c);
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Check if public key and hash type are compatible */
|
|
||||||
rc = pki_key_check_hash_compatible(key, sig->hash_type);
|
|
||||||
if (rc != SSH_OK) {
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = pki_verify_data_signature(sig, key, input, input_len);
|
|
||||||
|
|
||||||
if (rc != SSH_OK){
|
|
||||||
ssh_set_error(session,
|
|
||||||
SSH_FATAL,
|
|
||||||
"Signature verification error");
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
return SSH_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static const EVP_MD *pki_digest_to_md(enum ssh_digest_e hash_type)
|
static const EVP_MD *pki_digest_to_md(enum ssh_digest_e hash_type)
|
||||||
{
|
{
|
||||||
const EVP_MD *md = NULL;
|
const EVP_MD *md = NULL;
|
||||||
|
@ -2087,47 +2087,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
|||||||
return sig;
|
return sig;
|
||||||
}
|
}
|
||||||
|
|
||||||
int pki_signature_verify(ssh_session session,
|
|
||||||
const ssh_signature sig,
|
|
||||||
const ssh_key key,
|
|
||||||
const unsigned char *input,
|
|
||||||
size_t input_len)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
|
|
||||||
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
|
|
||||||
"pki_signature_verify()");
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ssh_key_type_plain(key->type) != sig->type) {
|
|
||||||
SSH_LOG(SSH_LOG_WARN,
|
|
||||||
"Can not verify %s signature with %s key",
|
|
||||||
sig->type_c,
|
|
||||||
key->type_c);
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Check if public key and hash type are compatible */
|
|
||||||
rc = pki_key_check_hash_compatible(key, sig->hash_type);
|
|
||||||
if (rc != SSH_OK) {
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* For the other key types, calculate the hash and verify the signature */
|
|
||||||
rc = pki_verify_data_signature(sig, key, input, input_len);
|
|
||||||
|
|
||||||
if (rc != SSH_OK){
|
|
||||||
ssh_set_error(session,
|
|
||||||
SSH_FATAL,
|
|
||||||
"Signature verification error");
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
return SSH_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
ssh_signature pki_do_sign_hash(const ssh_key privkey,
|
ssh_signature pki_do_sign_hash(const ssh_key privkey,
|
||||||
const unsigned char *hash,
|
const unsigned char *hash,
|
||||||
size_t hlen,
|
size_t hlen,
|
||||||
|
@ -1022,42 +1022,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
|
|||||||
return sig;
|
return sig;
|
||||||
}
|
}
|
||||||
|
|
||||||
int pki_signature_verify(ssh_session session, const ssh_signature sig, const
|
|
||||||
ssh_key key, const unsigned char *input, size_t input_len)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
if (session == NULL || sig == NULL || key == NULL || input == NULL) {
|
|
||||||
SSH_LOG(SSH_LOG_TRACE, "Bad parameter provided to "
|
|
||||||
"pki_signature_verify()");
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ssh_key_type_plain(key->type) != sig->type) {
|
|
||||||
SSH_LOG(SSH_LOG_WARN,
|
|
||||||
"Can not verify %s signature with %s key",
|
|
||||||
sig->type_c,
|
|
||||||
key->type_c);
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Check if public key and hash type are compatible */
|
|
||||||
rc = pki_key_check_hash_compatible(key, sig->hash_type);
|
|
||||||
if (rc != SSH_OK) {
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = pki_verify_data_signature(sig, key, input, input_len);
|
|
||||||
if (rc != SSH_OK){
|
|
||||||
ssh_set_error(session,
|
|
||||||
SSH_FATAL,
|
|
||||||
"Signature verification error");
|
|
||||||
return SSH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
return SSH_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static ssh_string rsa_do_sign_hash(const unsigned char *digest,
|
static ssh_string rsa_do_sign_hash(const unsigned char *digest,
|
||||||
int dlen,
|
int dlen,
|
||||||
mbedtls_pk_context *privkey,
|
mbedtls_pk_context *privkey,
|
||||||
|
@ -331,7 +331,7 @@ static void torture_pki_verify_mismatch(void **state)
|
|||||||
assert_int_equal(import_sig->type, key->type);
|
assert_int_equal(import_sig->type, key->type);
|
||||||
assert_string_equal(import_sig->type_c, skey_attrs.sig_type_c);
|
assert_string_equal(import_sig->type_c, skey_attrs.sig_type_c);
|
||||||
|
|
||||||
rc = pki_signature_verify(session,
|
rc = ssh_pki_signature_verify(session,
|
||||||
import_sig,
|
import_sig,
|
||||||
pubkey,
|
pubkey,
|
||||||
INPUT,
|
INPUT,
|
||||||
@ -374,7 +374,7 @@ static void torture_pki_verify_mismatch(void **state)
|
|||||||
assert_non_null(verify_pubkey);
|
assert_non_null(verify_pubkey);
|
||||||
|
|
||||||
/* Should gracefully fail, but not crash */
|
/* Should gracefully fail, but not crash */
|
||||||
rc = pki_signature_verify(session,
|
rc = ssh_pki_signature_verify(session,
|
||||||
sign,
|
sign,
|
||||||
verify_pubkey,
|
verify_pubkey,
|
||||||
INPUT,
|
INPUT,
|
||||||
@ -382,7 +382,7 @@ static void torture_pki_verify_mismatch(void **state)
|
|||||||
assert_true(rc != SSH_OK);
|
assert_true(rc != SSH_OK);
|
||||||
|
|
||||||
/* Try the same with the imported signature */
|
/* Try the same with the imported signature */
|
||||||
rc = pki_signature_verify(session,
|
rc = ssh_pki_signature_verify(session,
|
||||||
import_sig,
|
import_sig,
|
||||||
verify_pubkey,
|
verify_pubkey,
|
||||||
INPUT,
|
INPUT,
|
||||||
@ -401,7 +401,7 @@ static void torture_pki_verify_mismatch(void **state)
|
|||||||
assert_string_equal(new_sig->type_c, skey_attrs.sig_type_c);
|
assert_string_equal(new_sig->type_c, skey_attrs.sig_type_c);
|
||||||
|
|
||||||
/* The verification should not work */
|
/* The verification should not work */
|
||||||
rc = pki_signature_verify(session,
|
rc = ssh_pki_signature_verify(session,
|
||||||
new_sig,
|
new_sig,
|
||||||
verify_pubkey,
|
verify_pubkey,
|
||||||
INPUT,
|
INPUT,
|
||||||
|
@ -809,7 +809,7 @@ static void torture_pki_dsa_generate_key(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(key);
|
SSH_KEY_FREE(key);
|
||||||
@ -823,7 +823,7 @@ static void torture_pki_dsa_generate_key(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(key);
|
SSH_KEY_FREE(key);
|
||||||
@ -837,7 +837,7 @@ static void torture_pki_dsa_generate_key(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(key);
|
SSH_KEY_FREE(key);
|
||||||
@ -868,7 +868,7 @@ static void torture_pki_dsa_cert_verify(void **state)
|
|||||||
|
|
||||||
sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(privkey);
|
SSH_KEY_FREE(privkey);
|
||||||
|
@ -546,7 +546,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
type = ssh_key_type(key);
|
type = ssh_key_type(key);
|
||||||
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
|
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
|
||||||
@ -568,7 +568,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
type = ssh_key_type(key);
|
type = ssh_key_type(key);
|
||||||
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
|
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
|
||||||
@ -589,7 +589,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA384);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA384);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
type = ssh_key_type(key);
|
type = ssh_key_type(key);
|
||||||
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
|
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
|
||||||
@ -611,7 +611,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA384);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA384);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
type = ssh_key_type(key);
|
type = ssh_key_type(key);
|
||||||
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
|
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
|
||||||
@ -632,7 +632,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
type = ssh_key_type(key);
|
type = ssh_key_type(key);
|
||||||
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
|
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
|
||||||
@ -654,7 +654,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
type = ssh_key_type(key);
|
type = ssh_key_type(key);
|
||||||
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
|
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
|
||||||
@ -696,7 +696,7 @@ static void torture_pki_ecdsa_cert_verify(void **state)
|
|||||||
|
|
||||||
sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), hash_type);
|
sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), hash_type);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(privkey);
|
SSH_KEY_FREE(privkey);
|
||||||
|
@ -440,7 +440,7 @@ static void torture_pki_ed25519_generate_key(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, HASH, 20, SSH_DIGEST_AUTO);
|
sign = pki_do_sign(key, HASH, 20, SSH_DIGEST_AUTO);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, HASH, 20);
|
rc = ssh_pki_signature_verify(session, sign, pubkey, HASH, 20);
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
type = ssh_key_type(key);
|
type = ssh_key_type(key);
|
||||||
assert_true(type == SSH_KEYTYPE_ED25519);
|
assert_true(type == SSH_KEYTYPE_ED25519);
|
||||||
@ -455,7 +455,7 @@ static void torture_pki_ed25519_generate_key(void **state)
|
|||||||
#endif
|
#endif
|
||||||
assert_non_null(raw_sig_data);
|
assert_non_null(raw_sig_data);
|
||||||
(raw_sig_data)[3]^= 0xff;
|
(raw_sig_data)[3]^= 0xff;
|
||||||
rc = pki_signature_verify(session, sign, pubkey, HASH, 20);
|
rc = ssh_pki_signature_verify(session, sign, pubkey, HASH, 20);
|
||||||
assert_true(rc == SSH_ERROR);
|
assert_true(rc == SSH_ERROR);
|
||||||
|
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
@ -494,7 +494,7 @@ static void torture_pki_ed25519_cert_verify(void **state)
|
|||||||
|
|
||||||
sign = pki_do_sign(privkey, HASH, 20, SSH_DIGEST_AUTO);
|
sign = pki_do_sign(privkey, HASH, 20, SSH_DIGEST_AUTO);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, cert, HASH, 20);
|
rc = ssh_pki_signature_verify(session, sign, cert, HASH, 20);
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(privkey);
|
SSH_KEY_FREE(privkey);
|
||||||
@ -683,7 +683,7 @@ static void torture_pki_ed25519_verify(void **state){
|
|||||||
sig = pki_signature_from_blob(pubkey, blob, SSH_KEYTYPE_ED25519, SSH_DIGEST_AUTO);
|
sig = pki_signature_from_blob(pubkey, blob, SSH_KEYTYPE_ED25519, SSH_DIGEST_AUTO);
|
||||||
assert_non_null(sig);
|
assert_non_null(sig);
|
||||||
|
|
||||||
rc = pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
|
rc = ssh_pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
|
|
||||||
/* Alter signature and expect verification error */
|
/* Alter signature and expect verification error */
|
||||||
@ -694,7 +694,7 @@ static void torture_pki_ed25519_verify(void **state){
|
|||||||
#endif
|
#endif
|
||||||
assert_non_null(raw_sig_data);
|
assert_non_null(raw_sig_data);
|
||||||
(raw_sig_data)[3]^= 0xff;
|
(raw_sig_data)[3]^= 0xff;
|
||||||
rc = pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
|
rc = ssh_pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
|
||||||
assert_true(rc == SSH_ERROR);
|
assert_true(rc == SSH_ERROR);
|
||||||
|
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
@ -741,7 +741,7 @@ static void torture_pki_ed25519_verify_bad(void **state){
|
|||||||
sig = pki_signature_from_blob(pubkey, blob, SSH_KEYTYPE_ED25519, SSH_DIGEST_AUTO);
|
sig = pki_signature_from_blob(pubkey, blob, SSH_KEYTYPE_ED25519, SSH_DIGEST_AUTO);
|
||||||
assert_non_null(sig);
|
assert_non_null(sig);
|
||||||
|
|
||||||
rc = pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
|
rc = ssh_pki_signature_verify(session, sig, pubkey, HASH, sizeof(HASH));
|
||||||
assert_true(rc == SSH_ERROR);
|
assert_true(rc == SSH_ERROR);
|
||||||
ssh_signature_free(sig);
|
ssh_signature_free(sig);
|
||||||
|
|
||||||
|
@ -553,7 +553,7 @@ static void torture_pki_rsa_generate_key(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(key);
|
SSH_KEY_FREE(key);
|
||||||
@ -570,7 +570,7 @@ static void torture_pki_rsa_generate_key(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(key);
|
SSH_KEY_FREE(key);
|
||||||
@ -586,7 +586,7 @@ static void torture_pki_rsa_generate_key(void **state)
|
|||||||
assert_non_null(pubkey);
|
assert_non_null(pubkey);
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
SSH_KEY_FREE(key);
|
SSH_KEY_FREE(key);
|
||||||
@ -625,9 +625,9 @@ static void torture_pki_rsa_sha2(void **state)
|
|||||||
/* Sign using old SHA1 digest */
|
/* Sign using old SHA1 digest */
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_ssh_return_code(session, rc);
|
assert_ssh_return_code(session, rc);
|
||||||
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
||||||
assert_ssh_return_code(session, rc);
|
assert_ssh_return_code(session, rc);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
}
|
}
|
||||||
@ -635,18 +635,18 @@ static void torture_pki_rsa_sha2(void **state)
|
|||||||
/* Sign using new SHA256 digest */
|
/* Sign using new SHA256 digest */
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_ssh_return_code(session, rc);
|
assert_ssh_return_code(session, rc);
|
||||||
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
||||||
assert_ssh_return_code(session, rc);
|
assert_ssh_return_code(session, rc);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
|
|
||||||
/* Sign using rsa-sha2-512 algorithm */
|
/* Sign using rsa-sha2-512 algorithm */
|
||||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
|
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA512);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
rc = pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||||
assert_ssh_return_code(session, rc);
|
assert_ssh_return_code(session, rc);
|
||||||
rc = pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
||||||
assert_ssh_return_code(session, rc);
|
assert_ssh_return_code(session, rc);
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
|
|
||||||
|
@ -583,7 +583,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
|
|||||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
|
|
||||||
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
|
rc = ssh_pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
|
||||||
assert_ssh_return_code(session, rc);
|
assert_ssh_return_code(session, rc);
|
||||||
|
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
@ -602,7 +602,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
|
|||||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
|
|
||||||
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
|
rc = ssh_pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
|
||||||
assert_ssh_return_code(session, rc);
|
assert_ssh_return_code(session, rc);
|
||||||
|
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
@ -620,7 +620,7 @@ static void *thread_pki_rsa_generate_key(void *threadid)
|
|||||||
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||||
assert_non_null(sign);
|
assert_non_null(sign);
|
||||||
|
|
||||||
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
|
rc = ssh_pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
|
||||||
assert_true(rc == SSH_OK);
|
assert_true(rc == SSH_OK);
|
||||||
|
|
||||||
ssh_signature_free(sign);
|
ssh_signature_free(sign);
|
||||||
|