diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c index 4cff35c7..06172f42 100644 --- a/tests/unittests/torture_pki.c +++ b/tests/unittests/torture_pki.c @@ -165,7 +165,7 @@ static void torture_pki_verify_mismatch(void **state) { int rc; int verbosity = torture_libssh_verbosity(); - ssh_key key = NULL, verify_key = NULL; + ssh_key key = NULL, verify_key = NULL, pubkey = NULL, verify_pubkey = NULL; ssh_signature sign = NULL, import_sig = NULL, new_sig = NULL; ssh_string blob; ssh_session session = ssh_new(); @@ -190,6 +190,9 @@ static void torture_pki_verify_mismatch(void **state) assert_non_null(key); assert_int_equal(key->type, sig_type); assert_string_equal(key->type_c, skey_attrs.type_c); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); for (hash = SSH_DIGEST_AUTO; hash <= SSH_DIGEST_SHA512; @@ -238,7 +241,7 @@ static void torture_pki_verify_mismatch(void **state) /* Internal API: Should work */ rc = pki_signature_verify(session, import_sig, - key, + pubkey, HASH, hash_length); assert_true(rc == SSH_OK); @@ -256,17 +259,21 @@ static void torture_pki_verify_mismatch(void **state) if (is_cert_type(key_type)) { torture_write_file("libssh_testkey-cert.pub", torture_get_testkey_pub(key_type)); - rc = ssh_pki_import_cert_file("libssh_testkey-cert.pub", &verify_key); + rc = ssh_pki_import_cert_file("libssh_testkey-cert.pub", &verify_pubkey); + verify_key = NULL; } else { rc = ssh_pki_generate(key_type, vkey_attrs.size_arg, &verify_key); + assert_int_equal(rc, SSH_OK); + assert_non_null(verify_key); + rc = ssh_pki_export_privkey_to_pubkey(verify_key, &verify_pubkey); } - assert_true(rc == SSH_OK); - assert_non_null(verify_key); + assert_int_equal(rc, SSH_OK); + assert_non_null(verify_pubkey); /* Should gracefully fail, but not crash */ rc = pki_signature_verify(session, sign, - verify_key, + verify_pubkey, HASH, hash_length); assert_true(rc != SSH_OK); @@ -274,13 +281,13 @@ static void torture_pki_verify_mismatch(void **state) /* Try the same with the imported signature */ rc = pki_signature_verify(session, import_sig, - verify_key, + verify_pubkey, HASH, hash_length); assert_true(rc != SSH_OK); /* Try to import the signature blob with different key */ - new_sig = pki_signature_from_blob(verify_key, + new_sig = pki_signature_from_blob(verify_pubkey, blob, sig_type, import_sig->hash_type); @@ -298,7 +305,7 @@ static void torture_pki_verify_mismatch(void **state) /* The verification should not work */ rc = pki_signature_verify(session, new_sig, - verify_key, + verify_pubkey, HASH, hash_length); assert_true(rc != SSH_OK); @@ -308,6 +315,7 @@ static void torture_pki_verify_mismatch(void **state) assert_null(new_sig); } SSH_KEY_FREE(verify_key); + SSH_KEY_FREE(verify_pubkey); } ssh_string_free(blob); @@ -321,6 +329,7 @@ static void torture_pki_verify_mismatch(void **state) } SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); key = NULL; } diff --git a/tests/unittests/torture_pki_dsa.c b/tests/unittests/torture_pki_dsa.c index 69ccb6d7..94acc2ef 100644 --- a/tests/unittests/torture_pki_dsa.c +++ b/tests/unittests/torture_pki_dsa.c @@ -673,7 +673,7 @@ static void torture_pki_dsa_duplicate_key(void **state) static void torture_pki_dsa_generate_key(void **state) { int rc; - ssh_key key = NULL; + ssh_key key = NULL, pubkey = NULL; ssh_signature sign = NULL; ssh_session session=ssh_new(); (void) state; @@ -681,32 +681,44 @@ static void torture_pki_dsa_generate_key(void **state) rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 1024, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,DSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, DSA_HASH, 20); assert_true(rc == SSH_OK); ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,DSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, DSA_HASH, 20); assert_true(rc == SSH_OK); ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,DSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, DSA_HASH, 20); assert_true(rc == SSH_OK); ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); ssh_free(session); } diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c index 261b1ba8..06201eb4 100644 --- a/tests/unittests/torture_pki_ecdsa.c +++ b/tests/unittests/torture_pki_ecdsa.c @@ -463,7 +463,7 @@ static void torture_pki_ecdsa_duplicate_then_demote(void **state) static void torture_pki_generate_key_ecdsa(void **state) { int rc; - ssh_key key = NULL; + ssh_key key = NULL, pubkey = NULL; ssh_signature sign = NULL; enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN; const char *type_char = NULL; @@ -474,9 +474,12 @@ static void torture_pki_generate_key_ecdsa(void **state) rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20); assert_true(rc == SSH_OK); type = ssh_key_type(key); assert_true(type == SSH_KEYTYPE_ECDSA_P256); @@ -487,14 +490,18 @@ static void torture_pki_generate_key_ecdsa(void **state) ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); /* deprecated */ rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20); assert_true(rc == SSH_OK); type = ssh_key_type(key); assert_true(type == SSH_KEYTYPE_ECDSA_P256); @@ -505,13 +512,17 @@ static void torture_pki_generate_key_ecdsa(void **state) ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20); assert_true(rc == SSH_OK); type = ssh_key_type(key); assert_true(type == SSH_KEYTYPE_ECDSA_P384); @@ -522,14 +533,18 @@ static void torture_pki_generate_key_ecdsa(void **state) ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); /* deprecated */ rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20); assert_true(rc == SSH_OK); type = ssh_key_type(key); assert_true(type == SSH_KEYTYPE_ECDSA_P384); @@ -540,13 +555,17 @@ static void torture_pki_generate_key_ecdsa(void **state) ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20); assert_true(rc == SSH_OK); type = ssh_key_type(key); assert_true(type == SSH_KEYTYPE_ECDSA_P521); @@ -557,14 +576,18 @@ static void torture_pki_generate_key_ecdsa(void **state) ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); /* deprecated */ rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20); assert_true(rc == SSH_OK); type = ssh_key_type(key); assert_true(type == SSH_KEYTYPE_ECDSA_P521); @@ -575,6 +598,7 @@ static void torture_pki_generate_key_ecdsa(void **state) ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); ssh_free(session); } diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c index 68bbf5c0..fc9a1fed 100644 --- a/tests/unittests/torture_pki_rsa.c +++ b/tests/unittests/torture_pki_rsa.c @@ -461,7 +461,7 @@ static void torture_pki_rsa_duplicate_key(void **state) static void torture_pki_rsa_generate_key(void **state) { int rc; - ssh_key key = NULL; + ssh_key key = NULL, pubkey = NULL; ssh_signature sign = NULL; ssh_session session=ssh_new(); (void) state; @@ -469,35 +469,50 @@ static void torture_pki_rsa_generate_key(void **state) rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); assert_true(rc == SSH_OK); ssh_signature_free(sign); SSH_KEY_FREE(key); - key=NULL; + SSH_KEY_FREE(pubkey); + key = NULL; + pubkey = NULL; rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); assert_true(rc == SSH_OK); ssh_signature_free(sign); SSH_KEY_FREE(key); - key=NULL; + SSH_KEY_FREE(pubkey); + key = NULL; + pubkey = NULL; rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); assert_true(rc == SSH_OK); ssh_signature_free(sign); SSH_KEY_FREE(key); - key=NULL; + SSH_KEY_FREE(pubkey); + key = NULL; + pubkey = NULL; ssh_free(session); } @@ -505,7 +520,7 @@ static void torture_pki_rsa_generate_key(void **state) static void torture_pki_rsa_sha2(void **state) { int rc; - ssh_key key = NULL, cert = NULL; + ssh_key key = NULL, cert = NULL, pubkey = NULL; ssh_signature sign; ssh_session session=ssh_new(); (void) state; @@ -521,10 +536,15 @@ static void torture_pki_rsa_sha2(void **state) assert_true(rc == SSH_OK); assert_non_null(cert); + /* Get the public key to verify signature */ + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); + /* Sign using automatic digest */ sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_AUTO); assert_non_null(sign); - rc = pki_signature_verify(session, sign, key, RSA_HASH, 20); + rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); assert_ssh_return_code(session, rc); rc = pki_signature_verify(session, sign, cert, RSA_HASH, 20); assert_ssh_return_code(session, rc); @@ -533,7 +553,7 @@ static void torture_pki_rsa_sha2(void **state) /* Sign using old SHA1 digest */ sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA1); assert_non_null(sign); - rc = pki_signature_verify(session, sign, key, RSA_HASH, 20); + rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); assert_ssh_return_code(session, rc); rc = pki_signature_verify(session, sign, cert, RSA_HASH, 20); assert_ssh_return_code(session, rc); @@ -542,7 +562,7 @@ static void torture_pki_rsa_sha2(void **state) /* Sign using new SHA256 digest */ sign = pki_do_sign(key, SHA256_HASH, 32, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session, sign, key, SHA256_HASH, 32); + rc = pki_signature_verify(session, sign, pubkey, SHA256_HASH, 32); assert_ssh_return_code(session, rc); rc = pki_signature_verify(session, sign, cert, SHA256_HASH, 32); assert_ssh_return_code(session, rc); @@ -551,7 +571,7 @@ static void torture_pki_rsa_sha2(void **state) /* Sign using rsa-sha2-512 algorithm */ sign = pki_do_sign(key, SHA512_HASH, 64, SSH_DIGEST_SHA512); assert_non_null(sign); - rc = pki_signature_verify(session, sign, key, SHA512_HASH, 64); + rc = pki_signature_verify(session, sign, pubkey, SHA512_HASH, 64); assert_ssh_return_code(session, rc); rc = pki_signature_verify(session, sign, cert, SHA512_HASH, 64); assert_ssh_return_code(session, rc); @@ -559,6 +579,7 @@ static void torture_pki_rsa_sha2(void **state) /* Cleanup */ SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); SSH_KEY_FREE(cert); ssh_free(session); } diff --git a/tests/unittests/torture_threads_pki_rsa.c b/tests/unittests/torture_threads_pki_rsa.c index 752db411..5a841ee9 100644 --- a/tests/unittests/torture_threads_pki_rsa.c +++ b/tests/unittests/torture_threads_pki_rsa.c @@ -562,7 +562,7 @@ static void torture_pki_rsa_duplicate_key(void **state) static void *thread_pki_rsa_generate_key(void *threadid) { int rc; - ssh_key key = NULL; + ssh_key key = NULL, pubkey = NULL; ssh_signature sign = NULL; ssh_session session = NULL; @@ -575,42 +575,55 @@ static void *thread_pki_rsa_generate_key(void *threadid) assert_ssh_return_code(session, rc); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); + sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); assert_ssh_return_code(session, rc); ssh_signature_free(sign); SSH_KEY_FREE(key); + SSH_KEY_FREE(pubkey); rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key); assert_ssh_return_code(session, rc); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); + sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); assert_ssh_return_code(session, rc); ssh_signature_free(sign); SSH_KEY_FREE(key); - + SSH_KEY_FREE(pubkey); rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key); assert_true(rc == SSH_OK); assert_non_null(key); + rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey); + assert_int_equal(rc, SSH_OK); + assert_non_null(pubkey); + sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256); assert_non_null(sign); - rc = pki_signature_verify(session,sign,key,RSA_HASH,20); + rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20); assert_true(rc == SSH_OK); ssh_signature_free(sign); SSH_KEY_FREE(key); - key = NULL; + SSH_KEY_FREE(pubkey); ssh_free(session); pthread_exit(NULL);