lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-06 13:20:57 +03:00
Code Activity
Files
acc080ac03a86d09152f307a90bea468fd1e11b0
libssh/tests/torture_sk.h
Praneeth Sarode e56af9fa79 feat(torture_sk): add validation functions for security key callback responses and resident keys 
Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
2025-11-09 05:52:48 +05:30

91 lines
3.0 KiB
C
Raw Blame History

/*
* torture_sk.h - torture library for testing security keys
*
* This file is part of the SSH Library
*
* Copyright (c) 2025 Praneeth Sarode <praneethsarode@gmail.com>
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef _TORTURE_SK_H
#define _TORTURE_SK_H
#include "config.h"
#define LIBSSH_STATIC
#include "torture.h"
/**
* @brief Validate a security key (ssh_key) structure
*
* Checks that the provided key is not NULL, matches the expected key type,
* and other internal fields.
*
* @param[in] key The key to validate
* @param[in] expected_type The expected key type (e.g., SSH_KEYTYPE_SK_ECDSA)
* @param[in] private true if key should be private, false for public
*/
void assert_sk_key_valid(ssh_key key,
enum ssh_keytypes_e expected_type,
bool private);
/**
* @brief Validate a security key enrollment response structure
*
* Validates that an sk_enroll_response contains valid data from a FIDO2
* enrollment operation, including public key, key handle, signature,
* attestation certificate, and authenticator data.
*
* @param[in] response The enrollment response to validate
* @param[in] flags The expected flags that should match the response flags
*/
void assert_sk_enroll_response(struct sk_enroll_response *response, int flags);
/**
* @brief Validate a security key sign response structure
*
* Validates that an sk_sign_response contains valid signature data from
* a FIDO2 sign operation.
*
* @param[in] response The sign response to validate
* @param[in] key_type The key type (e.g., SSH_SK_ECDSA, SSH_SK_ED25519)
*/
void assert_sk_sign_response(struct sk_sign_response *response,
enum ssh_keytypes_e key_type);
/**
* @brief Validate a security key resident key structure
*
* Validates that an sk_resident_key contains valid data including application
* identifier, user ID, public key, and key handle.
*
* @param[in] resident_key The resident key to validate
*/
void assert_sk_resident_key(struct sk_resident_key *resident_key);
/**
* @brief Get security key PIN from environment variable
*
* Reads the TORTURE_SK_PIN environment variable and returns its value.
*
* @return Pointer to PIN string if set and non-empty, NULL otherwise
*/
const char *torture_get_sk_pin(void);
#endif /* _TORTURE_SK_H */
View Git Blame Copy Permalink