lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-29 13:01:13 +03:00
Code Activity

tests: Use public key to verify signatures

Browse Source 
Previously in the tests the private key structure would be used for
signature verification.  Use the corresponding public key instead.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Anderson Toshiyuki Sasaki
2019-05-02 16:07:09 +02:00
committed by Andreas Schneider
parent 88a8b1f57c
commit d923dc39c1
5 changed files with 117 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
tests/unittests/torture_pki.c
View File

@ -165,7 +165,7 @@ static void torture_pki_verify_mismatch(void **state)
{
int rc;
int verbosity = torture_libssh_verbosity();
ssh_key key = NULL, verify_key = NULL;
ssh_key key = NULL, verify_key = NULL, pubkey = NULL, verify_pubkey = NULL;
ssh_signature sign = NULL, import_sig = NULL, new_sig = NULL;
ssh_string blob;
ssh_session session = ssh_new();
@ -190,6 +190,9 @@ static void torture_pki_verify_mismatch(void **state)
assert_non_null(key);
assert_int_equal(key->type, sig_type);
assert_string_equal(key->type_c, skey_attrs.type_c);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
for (hash = SSH_DIGEST_AUTO;
hash <= SSH_DIGEST_SHA512;
@ -238,7 +241,7 @@ static void torture_pki_verify_mismatch(void **state)
/* Internal API: Should work */
rc = pki_signature_verify(session,
import_sig,
key,
pubkey,
HASH,
hash_length);
assert_true(rc == SSH_OK);
@ -256,17 +259,21 @@ static void torture_pki_verify_mismatch(void **state)
if (is_cert_type(key_type)) {
torture_write_file("libssh_testkey-cert.pub",
torture_get_testkey_pub(key_type));
rc = ssh_pki_import_cert_file("libssh_testkey-cert.pub", &verify_key);
rc = ssh_pki_import_cert_file("libssh_testkey-cert.pub", &verify_pubkey);
verify_key = NULL;
} else {
rc = ssh_pki_generate(key_type, vkey_attrs.size_arg, &verify_key);
}
assert_true(rc == SSH_OK);
assert_int_equal(rc, SSH_OK);
assert_non_null(verify_key);
rc = ssh_pki_export_privkey_to_pubkey(verify_key, &verify_pubkey);
}
assert_int_equal(rc, SSH_OK);
assert_non_null(verify_pubkey);
/* Should gracefully fail, but not crash */
rc = pki_signature_verify(session,
sign,
verify_key,
verify_pubkey,
HASH,
hash_length);
assert_true(rc != SSH_OK);
@ -274,13 +281,13 @@ static void torture_pki_verify_mismatch(void **state)
/* Try the same with the imported signature */
rc = pki_signature_verify(session,
import_sig,
verify_key,
verify_pubkey,
HASH,
hash_length);
assert_true(rc != SSH_OK);
/* Try to import the signature blob with different key */
new_sig = pki_signature_from_blob(verify_key,
new_sig = pki_signature_from_blob(verify_pubkey,
blob,
sig_type,
import_sig->hash_type);
@ -298,7 +305,7 @@ static void torture_pki_verify_mismatch(void **state)
/* The verification should not work */
rc = pki_signature_verify(session,
new_sig,
verify_key,
verify_pubkey,
HASH,
hash_length);
assert_true(rc != SSH_OK);
@ -308,6 +315,7 @@ static void torture_pki_verify_mismatch(void **state)
assert_null(new_sig);
}
SSH_KEY_FREE(verify_key);
SSH_KEY_FREE(verify_pubkey);
}
ssh_string_free(blob);
@ -321,6 +329,7 @@ static void torture_pki_verify_mismatch(void **state)
}
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
key = NULL;
}

20
tests/unittests/torture_pki_dsa.c
View File

@ -673,7 +673,7 @@ static void torture_pki_dsa_duplicate_key(void **state)
static void torture_pki_dsa_generate_key(void **state)
{
int rc;
ssh_key key = NULL;
ssh_key key = NULL, pubkey = NULL;
ssh_signature sign = NULL;
ssh_session session=ssh_new();
(void) state;
@ -681,32 +681,44 @@ static void torture_pki_dsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 1024, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, DSA_HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, DSA_HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, DSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,DSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, DSA_HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
ssh_free(session);
}

38
tests/unittests/torture_pki_ecdsa.c
View File

@ -463,7 +463,7 @@ static void torture_pki_ecdsa_duplicate_then_demote(void **state)
static void torture_pki_generate_key_ecdsa(void **state)
{
int rc;
ssh_key key = NULL;
ssh_key key = NULL, pubkey = NULL;
ssh_signature sign = NULL;
enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
const char *type_char = NULL;
@ -474,9 +474,12 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
@ -487,14 +490,18 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
@ -505,13 +512,17 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
@ -522,14 +533,18 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA384);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
@ -540,13 +555,17 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
@ -557,14 +576,18 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, ECDSA_HASH, 20, SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, ECDSA_HASH, 20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
@ -575,6 +598,7 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
ssh_free(session);
}

45
tests/unittests/torture_pki_rsa.c
View File

@ -461,7 +461,7 @@ static void torture_pki_rsa_duplicate_key(void **state)
static void torture_pki_rsa_generate_key(void **state)
{
int rc;
ssh_key key = NULL;
ssh_key key = NULL, pubkey = NULL;
ssh_signature sign = NULL;
ssh_session session=ssh_new();
(void) state;
@ -469,35 +469,50 @@ static void torture_pki_rsa_generate_key(void **state)
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
key=NULL;
SSH_KEY_FREE(pubkey);
key = NULL;
pubkey = NULL;
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
key=NULL;
SSH_KEY_FREE(pubkey);
key = NULL;
pubkey = NULL;
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
key=NULL;
SSH_KEY_FREE(pubkey);
key = NULL;
pubkey = NULL;
ssh_free(session);
}
@ -505,7 +520,7 @@ static void torture_pki_rsa_generate_key(void **state)
static void torture_pki_rsa_sha2(void **state)
{
int rc;
ssh_key key = NULL, cert = NULL;
ssh_key key = NULL, cert = NULL, pubkey = NULL;
ssh_signature sign;
ssh_session session=ssh_new();
(void) state;
@ -521,10 +536,15 @@ static void torture_pki_rsa_sha2(void **state)
assert_true(rc == SSH_OK);
assert_non_null(cert);
/* Get the public key to verify signature */
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
/* Sign using automatic digest */
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_AUTO);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, key, RSA_HASH, 20);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
rc = pki_signature_verify(session, sign, cert, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
@ -533,7 +553,7 @@ static void torture_pki_rsa_sha2(void **state)
/* Sign using old SHA1 digest */
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA1);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, key, RSA_HASH, 20);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
rc = pki_signature_verify(session, sign, cert, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
@ -542,7 +562,7 @@ static void torture_pki_rsa_sha2(void **state)
/* Sign using new SHA256 digest */
sign = pki_do_sign(key, SHA256_HASH, 32, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, key, SHA256_HASH, 32);
rc = pki_signature_verify(session, sign, pubkey, SHA256_HASH, 32);
assert_ssh_return_code(session, rc);
rc = pki_signature_verify(session, sign, cert, SHA256_HASH, 32);
assert_ssh_return_code(session, rc);
@ -551,7 +571,7 @@ static void torture_pki_rsa_sha2(void **state)
/* Sign using rsa-sha2-512 algorithm */
sign = pki_do_sign(key, SHA512_HASH, 64, SSH_DIGEST_SHA512);
assert_non_null(sign);
rc = pki_signature_verify(session, sign, key, SHA512_HASH, 64);
rc = pki_signature_verify(session, sign, pubkey, SHA512_HASH, 64);
assert_ssh_return_code(session, rc);
rc = pki_signature_verify(session, sign, cert, SHA512_HASH, 64);
assert_ssh_return_code(session, rc);
@ -559,6 +579,7 @@ static void torture_pki_rsa_sha2(void **state)
/* Cleanup */
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
SSH_KEY_FREE(cert);
ssh_free(session);
}

25
tests/unittests/torture_threads_pki_rsa.c
View File

@ -562,7 +562,7 @@ static void torture_pki_rsa_duplicate_key(void **state)
static void *thread_pki_rsa_generate_key(void *threadid)
{
int rc;
ssh_key key = NULL;
ssh_key key = NULL, pubkey = NULL;
ssh_signature sign = NULL;
ssh_session session = NULL;
@ -575,42 +575,55 @@ static void *thread_pki_rsa_generate_key(void *threadid)
assert_ssh_return_code(session, rc);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
assert_ssh_return_code(session, rc);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_ssh_return_code(session, rc);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
SSH_KEY_FREE(pubkey);
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 4096, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_int_equal(rc, SSH_OK);
assert_non_null(pubkey);
sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,RSA_HASH,20);
rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
assert_true(rc == SSH_OK);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
key = NULL;
SSH_KEY_FREE(pubkey);
ssh_free(session);
pthread_exit(NULL);