ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность

libssh: deprecate SSH_KEYTYPE_ECDSA

Просмотр исходного кода 
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Этот коммит содержится в:
Ben Toews 2019-03-12 10:25:49 -06:00 коммит произвёл Andreas Schneider
родитель 78f764b7c9
Коммит b1f3cfec34
29 изменённых файлов: 546 добавлений и 359 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

7
include/libssh/libssh.h
Просмотреть файл

@ -293,10 +293,13 @@ enum ssh_keytypes_e{
SSH_KEYTYPE_DSS=1,
SSH_KEYTYPE_RSA,
SSH_KEYTYPE_RSA1,
SSH_KEYTYPE_ECDSA,
SSH_KEYTYPE_ECDSA, /* deprecated */
SSH_KEYTYPE_ED25519,
SSH_KEYTYPE_DSS_CERT01,
SSH_KEYTYPE_RSA_CERT01
SSH_KEYTYPE_RSA_CERT01,
SSH_KEYTYPE_ECDSA_P256,
SSH_KEYTYPE_ECDSA_P384,
SSH_KEYTYPE_ECDSA_P521,
};
enum ssh_keycmp_e {

3
include/libssh/pki.h
Просмотреть файл

@ -101,6 +101,9 @@ ssh_key_get_signature_algorithm(ssh_session session,
enum ssh_keytypes_e type);
enum ssh_keytypes_e ssh_key_type_from_signature_name(const char *name);
#define is_ecdsa_key_type(t) \
((t) >= SSH_KEYTYPE_ECDSA_P256 && (t) <= SSH_KEYTYPE_ECDSA_P521)
/* SSH Signature Functions */
ssh_signature ssh_signature_new(void);
void ssh_signature_free(ssh_signature sign);

49
src/auth.c
Просмотреть файл

@ -515,26 +515,13 @@ int ssh_userauth_try_publickey(ssh_session session,
return SSH_ERROR;
}
switch (pubkey->type) {
case SSH_KEYTYPE_UNKNOWN:
ssh_set_error(session,
SSH_REQUEST_DENIED,
/* Check if the given public key algorithm is allowed */
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
if (sig_type_c == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
case SSH_KEYTYPE_ECDSA:
sig_type_c = ssh_pki_key_ecdsa_name(pubkey);
break;
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
break;
}
/* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by"
@ -651,26 +638,13 @@ int ssh_userauth_publickey(ssh_session session,
/* Cert auth requires presenting the cert type name (*-cert@openssh.com) */
key_type = privkey->cert != NULL ? privkey->cert_type : privkey->type;
switch (key_type) {
case SSH_KEYTYPE_UNKNOWN:
ssh_set_error(session,
SSH_REQUEST_DENIED,
/* Check if the given public key algorithm is allowed */
sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
if (sig_type_c == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
case SSH_KEYTYPE_ECDSA:
sig_type_c = ssh_pki_key_ecdsa_name(privkey);
break;
case SSH_KEYTYPE_DSS:
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ED25519:
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
sig_type_c = ssh_key_get_signature_algorithm(session, key_type);
break;
}
/* Check if the given public key algorithm is allowed */
if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by"
@ -777,9 +751,14 @@ static int ssh_userauth_agent_publickey(ssh_session session,
if (rc < 0) {
goto fail;
}
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
/* Check if the given public key algorithm is allowed */
sig_type_c = ssh_key_get_signature_algorithm(session, pubkey->type);
if (sig_type_c == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Invalid key type (unknown)");
return SSH_AUTH_DENIED;
}
if (!ssh_key_algorithm_allowed(session, sig_type_c)) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"The key algorithm '%s' is not allowed to be used by"

2
src/bind.c
Просмотреть файл

@ -176,7 +176,7 @@ static int ssh_bind_import_keys(ssh_bind sshbind) {
return SSH_ERROR;
}
if (ssh_key_type(sshbind->ecdsa) != SSH_KEYTYPE_ECDSA) {
if (!is_ecdsa_key_type(ssh_key_type(sshbind->ecdsa))) {
ssh_set_error(sshbind, SSH_FATAL,
"The ECDSA host key has the wrong type");
ssh_key_free(sshbind->ecdsa);

8
src/known_hosts.c
Просмотреть файл

@ -373,13 +373,7 @@ int ssh_is_server_known(ssh_session session) {
}
if (match) {
ssh_key pubkey = ssh_dh_get_current_server_publickey(session);
const char *pubkey_type = NULL;
if (ssh_key_type(pubkey) == SSH_KEYTYPE_ECDSA) {
pubkey_type = ssh_pki_key_ecdsa_name(pubkey);
} else {
pubkey_type = ssh_key_type_to_char(ssh_key_type(pubkey));
}
const char *pubkey_type = ssh_key_type_to_char(ssh_key_type(pubkey));
/* We got a match. Now check the key type */
if (strcmp(pubkey_type, type) != 0) {

8
src/options.c
Просмотреть файл

@ -1653,7 +1653,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
"without DSA support");
#endif
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_ECC
bind_key_loc = &sshbind->ecdsa;
bind_key_path_loc = &sshbind->ecdsakey;
@ -1715,7 +1717,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
"without DSA support");
#endif
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_ECC
bind_key_loc = &sshbind->ecdsa;
#else

76
src/pki.c
Просмотреть файл

@ -74,7 +74,10 @@ enum ssh_keytypes_e pki_privatekey_type_from_string(const char *privkey) {
}
if (strncmp(privkey, ECDSA_HEADER_BEGIN, strlen(ECDSA_HEADER_BEGIN)) == 0) {
return SSH_KEYTYPE_ECDSA;
/* We don't know what the curve is at this point, so we don't actually
* know the type. We figure out the actual curve and fix things up in
* pki_private_key_from_base64 */
return SSH_KEYTYPE_ECDSA_P256;
}
return SSH_KEYTYPE_UNKNOWN;
@ -185,8 +188,9 @@ void ssh_key_free (ssh_key key){
* @brief returns the type of a ssh key
* @param[in] key the ssh_key handle
* @returns one of SSH_KEYTYPE_RSA, SSH_KEYTYPE_DSS,
* SSH_KEYTYPE_ECDSA, SSH_KEYTYPE_ED25519,
* SSH_KEYTYPE_DSS_CERT01, SSH_KEYTYPE_RSA_CERT01
* SSH_KEYTYPE_ECDSA_P256, SSH_KEYTYPE_ECDSA_P384,
* SSH_KEYTYPE_ECDSA_P521, SSH_KEYTYPE_ED25519, SSH_KEYTYPE_DSS_CERT01,
* or SSH_KEYTYPE_RSA_CERT01.
* @returns SSH_KEYTYPE_UNKNOWN if the type is unknown
*/
enum ssh_keytypes_e ssh_key_type(const ssh_key key){
@ -241,7 +245,13 @@ const char *ssh_key_type_to_char(enum ssh_keytypes_e type) {
case SSH_KEYTYPE_RSA:
return "ssh-rsa";
case SSH_KEYTYPE_ECDSA:
return "ssh-ecdsa";
return "ssh-ecdsa"; /* deprecated. invalid value */
case SSH_KEYTYPE_ECDSA_P256:
return "ecdsa-sha2-nistp256";
case SSH_KEYTYPE_ECDSA_P384:
return "ecdsa-sha2-nistp384";
case SSH_KEYTYPE_ECDSA_P521:
return "ecdsa-sha2-nistp521";
case SSH_KEYTYPE_ED25519:
return "ssh-ed25519";
case SSH_KEYTYPE_DSS_CERT01:
@ -398,10 +408,12 @@ enum ssh_keytypes_e ssh_key_type_from_name(const char *name) {
return SSH_KEYTYPE_DSS;
} else if (strcmp(name, "ssh-ecdsa") == 0
|| strcmp(name, "ecdsa") == 0
|| strcmp(name, "ecdsa-sha2-nistp256") == 0
|| strcmp(name, "ecdsa-sha2-nistp384") == 0
|| strcmp(name, "ecdsa-sha2-nistp521") == 0) {
return SSH_KEYTYPE_ECDSA;
|| strcmp(name, "ecdsa-sha2-nistp256") == 0) {
return SSH_KEYTYPE_ECDSA_P256;
} else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) {
return SSH_KEYTYPE_ECDSA_P384;
} else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) {
return SSH_KEYTYPE_ECDSA_P521;
} else if (strcmp(name, "ssh-ed25519") == 0){
return SSH_KEYTYPE_ED25519;
} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
@ -517,7 +529,9 @@ void ssh_signature_free(ssh_signature sig)
SAFE_FREE(sig->rsa_sig);
#endif
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
gcry_sexp_release(sig->ecdsa_sig);
#elif defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC)
@ -533,6 +547,7 @@ void ssh_signature_free(ssh_signature sig)
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
break;
}
@ -973,7 +988,9 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
}
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
{
ssh_string e = NULL;
ssh_string exp = NULL;
@ -1001,9 +1018,6 @@ int pki_import_privkey_buffer(enum ssh_keytypes_e type,
SSH_LOG(SSH_LOG_WARN, "Failed to build ECDSA private key");
goto fail;
}
/* Update key type */
key->type_c = ssh_pki_key_ecdsa_name(key);
}
break;
#endif
@ -1120,7 +1134,10 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
}
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA: /* deprecated */
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
{
ssh_string e = NULL;
ssh_string i = NULL;
@ -1147,7 +1164,9 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
}
/* Update key type */
key->type_c = ssh_pki_key_ecdsa_name(key);
if (type == SSH_KEYTYPE_ECDSA) {
key->type_c = ssh_pki_key_ecdsa_name(key);
}
}
break;
#endif
@ -1539,7 +1558,6 @@ int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
* @param[in] parameter Parameter to the creation of key:
* rsa : length of the key in bits (e.g. 1024, 2048, 4096)
* dsa : length of the key in bits (e.g. 1024, 2048, 3072)
* ecdsa : bits of the key (e.g. 256, 384, 521)
* @param[out] pkey A pointer to store the allocated private key. You need
* to free the memory.
*
@ -1572,7 +1590,7 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
goto error;
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA: /* deprecated */
rc = pki_key_generate_ecdsa(key, parameter);
if (rc == SSH_ERROR) {
goto error;
@ -1581,6 +1599,24 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
/* Update key type */
key->type_c = ssh_pki_key_ecdsa_name(key);
break;
case SSH_KEYTYPE_ECDSA_P256:
rc = pki_key_generate_ecdsa(key, 256);
if (rc == SSH_ERROR) {
goto error;
}
break;
case SSH_KEYTYPE_ECDSA_P384:
rc = pki_key_generate_ecdsa(key, 384);
if (rc == SSH_ERROR) {
goto error;
}
break;
case SSH_KEYTYPE_ECDSA_P521:
rc = pki_key_generate_ecdsa(key, 521);
if (rc == SSH_ERROR) {
goto error;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
rc = pki_key_generate_ed25519(key);
@ -1939,7 +1975,7 @@ int ssh_pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
if (key->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(key->type)) {
#if HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen;
@ -2028,7 +2064,7 @@ ssh_string ssh_pki_do_sign(ssh_session session,
}
ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
if (privkey->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(privkey->type)) {
#ifdef HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen;
@ -2211,7 +2247,7 @@ ssh_string ssh_srv_pki_do_sign_sessionid(ssh_session session,
return NULL;
}
if (privkey->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(privkey->type)) {
#ifdef HAVE_ECC
unsigned char ehash[EVP_DIGEST_LEN] = {0};
uint32_t elen;

116
src/pki_crypto.c
Просмотреть файл

@ -92,6 +92,24 @@ static int pki_key_ecdsa_to_nid(EC_KEY *k)
return -1;
}
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(EC_KEY *k)
{
static int nid;
nid = pki_key_ecdsa_to_nid(k);
switch (nid) {
case NID_X9_62_prime256v1:
return SSH_KEYTYPE_ECDSA_P256;
case NID_secp384r1:
return SSH_KEYTYPE_ECDSA_P384;
case NID_secp521r1:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
const char *pki_key_ecdsa_nid_to_name(int nid)
{
switch (nid) {
@ -451,7 +469,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
break;
}
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
new->ecdsa_nid = key->ecdsa_nid;
@ -551,26 +571,24 @@ int pki_key_generate_dss(ssh_key key, int parameter){
#ifdef HAVE_OPENSSL_ECC
int pki_key_generate_ecdsa(ssh_key key, int parameter) {
int nid;
int ok;
switch (parameter) {
case 384:
nid = NID_secp384r1;
key->ecdsa_nid = NID_secp384r1;
key->type = SSH_KEYTYPE_ECDSA_P384;
break;
case 521:
nid = NID_secp521r1;
key->ecdsa_nid = NID_secp521r1;
key->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 256:
default:
nid = NID_X9_62_prime256v1;
key->ecdsa_nid = NID_X9_62_prime256v1;
key->type = SSH_KEYTYPE_ECDSA_P256;
}
key->ecdsa_nid = nid;
key->type = SSH_KEYTYPE_ECDSA;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
if (key->ecdsa == NULL) {
return SSH_ERROR;
}
@ -650,7 +668,9 @@ int pki_key_compare(const ssh_key k1,
}
break;
}
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
{
const EC_POINT *p1 = EC_KEY_get0_public_key(k1->ecdsa);
@ -756,7 +776,9 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
}
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
if (passphrase == NULL) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
@ -818,7 +840,7 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
DSA *dsa = NULL;
RSA *rsa = NULL;
ed25519_privkey *ed25519 = NULL;
ssh_key key;
ssh_key key = NULL;
enum ssh_keytypes_e type;
#ifdef HAVE_OPENSSL_ECC
EC_KEY *ecdsa = NULL;
@ -884,7 +906,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
if (passphrase == NULL) {
if (auth_fn) {
@ -908,12 +932,21 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
return NULL;
}
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
/* Cannot open ed25519 keys with libcrypto */
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key type %d", type);
@ -933,9 +966,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
key->ecdsa = ecdsa;
key->ed25519_privkey = ed25519;
#ifdef HAVE_OPENSSL_ECC
if (key->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(key->type)) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
}
#endif
@ -1237,27 +1269,10 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
break;
}
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
rc = ssh_buffer_reinit(buffer);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_name(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
@ -1461,7 +1476,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_RSA1:
sig_blob = ssh_string_copy(sig->rsa_sig);
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
{
ssh_string r;
@ -1614,8 +1631,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
}
sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
len = ssh_string_len(sig_blob);
@ -1688,9 +1705,10 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
if (sig == NULL) {
return NULL;
}
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_SIG_new();
if (sig->ecdsa_sig == NULL) {
@ -1874,7 +1892,9 @@ int pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
rc = ECDSA_do_verify(hash,
hlen,
@ -1919,8 +1939,8 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
}
sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch(privkey->type) {
case SSH_KEYTYPE_DSS:
@ -1942,7 +1962,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
@ -1950,7 +1969,9 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
}
sig->dsa_sig = NULL;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, privkey->ecdsa);
if (sig->ecdsa_sig == NULL) {
@ -2005,7 +2026,7 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
}
sig->type = key->type;
sig->type_c = key->type_c;
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch(key->type) {
case SSH_KEYTYPE_DSS:
@ -2017,14 +2038,15 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, key->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, key->ecdsa);
if (sig->ecdsa_sig == NULL) {

107
src/pki_gcrypt.c
Просмотреть файл

@ -427,7 +427,9 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
header_begin = RSA_HEADER_BEGIN;
header_end = RSA_HEADER_END;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
header_begin = ECDSA_HEADER_BEGIN;
header_end = ECDSA_HEADER_END;
break;
@ -737,6 +739,24 @@ static int pki_key_ecdsa_to_nid(gcry_sexp_t k)
return -1;
}
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(gcry_sexp_t k)
{
static int nid;
nid = pki_key_ecdsa_to_nid(k);
switch (nid) {
case NID_gcrypt_nistp256:
return SSH_KEYTYPE_ECDSA_P256;
case NID_gcrypt_nistp384:
return SSH_KEYTYPE_ECDSA_P384;
case NID_gcrypt_nistp521:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
static const char *pki_key_ecdsa_nid_to_gcrypt_name(int nid)
{
switch (nid) {
@ -843,7 +863,7 @@ static int b64decode_ecdsa_privatekey(const char *pkey, gcry_sexp_t *r,
int ok;
buffer = privatekey_string_to_buffer(pkey,
SSH_KEYTYPE_ECDSA,
SSH_KEYTYPE_ECDSA_P256,
cb,
userdata,
desc);
@ -978,7 +998,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
goto fail;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#if HAVE_GCRYPT_ECC
if (passphrase == NULL) {
if (auth_fn != NULL) {
@ -1006,6 +1028,14 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
SSH_LOG(SSH_LOG_WARN, "Parsing private key");
goto fail;
}
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
@ -1029,9 +1059,8 @@ ssh_key pki_private_key_from_base64(const char *b64_key,
key->rsa = rsa;
key->ecdsa = ecdsa;
#ifdef HAVE_GCRYPT_ECC
if (key->type == SSH_KEYTYPE_ECDSA) {
if (is_ecdsa_key_type(key->type)) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
}
#endif
@ -1256,7 +1285,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
new->ecdsa_nid = key->ecdsa_nid;
@ -1336,7 +1367,9 @@ static int pki_key_generate(ssh_key key, int parameter, const char *type_s, int
case SSH_KEYTYPE_DSS:
rc = gcry_pk_genkey(&key->dsa, parms);
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
rc = gcry_pk_genkey(&key->ecdsa, parms);
break;
default:
@ -1357,22 +1390,24 @@ int pki_key_generate_dss(ssh_key key, int parameter){
#ifdef HAVE_GCRYPT_ECC
int pki_key_generate_ecdsa(ssh_key key, int parameter) {
int nid;
switch (parameter) {
case 384:
nid = NID_gcrypt_nistp384;
break;
key->ecdsa_nid = NID_gcrypt_nistp384;
key->type = SSH_KEYTYPE_ECDSA_P384;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P384);
case 521:
nid = NID_gcrypt_nistp521;
break;
key->ecdsa_nid = NID_gcrypt_nistp521;
key->type = SSH_KEYTYPE_ECDSA_P521;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P521);
case 256:
default:
nid = NID_gcrypt_nistp256;
key->ecdsa_nid = NID_gcrypt_nistp256;
key->type = SSH_KEYTYPE_ECDSA_P256;
return pki_key_generate(key, parameter, "ecdsa",
SSH_KEYTYPE_ECDSA_P256);
}
key->ecdsa_nid = nid;
return pki_key_generate(key, parameter, "ecdsa", SSH_KEYTYPE_ECDSA);
}
#endif
@ -1471,7 +1506,9 @@ int pki_key_compare(const ssh_key k1,
case SSH_KEYTYPE_ED25519:
/* ed25519 keys handled globaly */
return 0;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
if (k1->ecdsa_nid != k2->ecdsa_nid) {
return 1;
@ -1488,6 +1525,7 @@ int pki_key_compare(const ssh_key k1,
#endif
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_UNKNOWN:
return 1;
@ -1634,7 +1672,9 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
goto fail;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
type_s = ssh_string_from_char(
pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
@ -1788,7 +1828,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_ED25519:
sig_blob = pki_ed25519_sig_to_blob(sig);
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
{
ssh_string R;
@ -1877,8 +1919,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
}
sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
len = ssh_string_len(sig_blob);
@ -1944,7 +1986,6 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
ssh_signature_free(sig);
return NULL;
}
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break;
case SSH_KEYTYPE_ED25519:
rc = pki_ed25519_sig_from_blob(sig, sig_blob);
@ -1953,7 +1994,9 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
{ /* build ecdsa siganature */
ssh_buffer b;
@ -2138,7 +2181,9 @@ int pki_signature_verify(ssh_session session,
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp,
NULL,
@ -2198,8 +2243,8 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
return NULL;
}
sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch (privkey->type) {
case SSH_KEYTYPE_DSS:
/* That is to mark the number as positive */
@ -2224,7 +2269,6 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
}
break;
case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
switch (hash_type) {
case SSH_DIGEST_SHA1:
case SSH_DIGEST_AUTO:
@ -2265,7 +2309,9 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp,
NULL,
@ -2319,7 +2365,7 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
}
sig->type = key->type;
sig->type_c = key->type_c;
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch(key->type) {
case SSH_KEYTYPE_DSS:
@ -2344,7 +2390,6 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
}
break;
case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch (hash_type) {
case SSH_DIGEST_SHA1:
hash_c = "sha1";
@ -2378,7 +2423,9 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
break;
case SSH_KEYTYPE_ED25519:
/* ED25519 handled in caller */
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
#ifdef HAVE_GCRYPT_ECC
err = gcry_sexp_build(&sexp,
NULL,

122
src/pki_mbedcrypto.c
Просмотреть файл

@ -61,6 +61,24 @@ static int pki_key_ecdsa_to_nid(mbedtls_ecdsa_context *ecdsa)
return -1;
}
static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(mbedtls_ecdsa_context *ecdsa)
{
static int nid;
nid = pki_key_ecdsa_to_nid(ecdsa);
switch (nid) {
case NID_mbedtls_nistp256:
return SSH_KEYTYPE_ECDSA_P256;
case NID_mbedtls_nistp384:
return SSH_KEYTYPE_ECDSA_P384;
case NID_mbedtls_nistp521:
return SSH_KEYTYPE_ECDSA_P521;
default:
return SSH_KEYTYPE_UNKNOWN;
}
}
ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
ssh_auth_callback auth_fn, void *auth_data)
{
@ -121,7 +139,9 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
goto fail;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
ecdsa = malloc(sizeof(mbedtls_pk_context));
if (ecdsa == NULL) {
return NULL;
@ -173,10 +193,6 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
goto fail;
}
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->rsa = rsa;
if (ecdsa != NULL) {
mbedtls_ecp_keypair *keypair = mbedtls_pk_ec(*ecdsa);
@ -189,16 +205,27 @@ ssh_key pki_private_key_from_base64(const char *b64_key, const char *passphrase,
mbedtls_ecdsa_from_keypair(key->ecdsa, keypair);
mbedtls_pk_free(ecdsa);
SAFE_FREE(ecdsa);
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
/* pki_privatekey_type_from_string always returns P256 for ECDSA
* keys, so we need to figure out the correct type here */
type = pki_key_ecdsa_to_key_type(key->ecdsa);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Invalid private key.");
goto fail;
}
} else {
key->ecdsa = NULL;
}
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->rsa = rsa;
key->ed25519_privkey = ed25519;
rsa = NULL;
ecdsa = NULL;
if (key->type == SSH_KEYTYPE_ECDSA) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
}
return key;
fail:
@ -401,7 +428,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
break;
}
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
new->ecdsa_nid = key->ecdsa_nid;
new->ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
@ -511,7 +540,9 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
}
break;
}
case SSH_KEYTYPE_ECDSA: {
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
mbedtls_ecp_keypair *ecdsa1 = k1->ecdsa;
mbedtls_ecp_keypair *ecdsa2 = k2->ecdsa;
@ -678,27 +709,9 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
break;
}
case SSH_KEYTYPE_ECDSA:
rc = ssh_buffer_reinit(buffer);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s =
ssh_string_from_char(pki_key_ecdsa_nid_to_name(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
type_s =
ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
if (type_s == NULL) {
@ -773,7 +786,9 @@ ssh_string pki_signature_to_blob(const ssh_signature sig)
case SSH_KEYTYPE_RSA:
sig_blob = ssh_string_copy(sig->rsa_sig);
break;
case SSH_KEYTYPE_ECDSA: {
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
ssh_string r;
ssh_string s;
ssh_buffer b;
@ -911,8 +926,8 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
}
sig->type = type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
sig->hash_type = hash_type;
sig->type_c = pubkey->type_c; /* for all types but RSA */
switch(type) {
case SSH_KEYTYPE_RSA:
@ -920,9 +935,10 @@ ssh_signature pki_signature_from_blob(const ssh_key pubkey,
if (sig == NULL) {
return NULL;
}
sig->type_c = ssh_key_signature_to_char(type, hash_type);
break;
case SSH_KEYTYPE_ECDSA: {
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: {
ssh_buffer b;
ssh_string r;
ssh_string s;
@ -1050,7 +1066,9 @@ int pki_signature_verify(ssh_session session, const ssh_signature sig, const
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
rc = mbedtls_ecdsa_verify(&key->ecdsa->grp, hash, hlen,
&key->ecdsa->Q, sig->ecdsa_sig.r, sig->ecdsa_sig.s);
if (rc != 0) {
@ -1157,19 +1175,20 @@ ssh_signature pki_do_sign_hash(const ssh_key privkey,
}
sig->type = privkey->type;
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch(privkey->type) {
case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->rsa_sig = rsa_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
sig->ecdsa_sig.r = bignum_new();
if (sig->ecdsa_sig.r == NULL) {
return NULL;
@ -1231,18 +1250,19 @@ ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
}
sig->type = key->type;
sig->type_c = key->type_c;
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
switch (key->type) {
case SSH_KEYTYPE_RSA:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
sig->rsa_sig = rsa_do_sign_hash(hash, hlen, key->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
sig->ecdsa_sig.r = bignum_new();
if (sig->ecdsa_sig.r == NULL) {
return NULL;
@ -1452,26 +1472,24 @@ fail:
int pki_key_generate_ecdsa(ssh_key key, int parameter)
{
int nid;
int ok;
switch (parameter) {
case 384:
nid = NID_mbedtls_nistp384;
key->ecdsa_nid = NID_mbedtls_nistp384;
key->type = SSH_KEYTYPE_ECDSA_P384;
break;
case 521:
nid = NID_mbedtls_nistp521;
key->ecdsa_nid = NID_mbedtls_nistp521;
key->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 256:
default:
nid = NID_mbedtls_nistp256;
key->ecdsa_nid = NID_mbedtls_nistp256;
key->type = SSH_KEYTYPE_ECDSA_P256;
break;
}
key->ecdsa_nid = nid;
key->type = SSH_KEYTYPE_ECDSA;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = malloc(sizeof(mbedtls_ecdsa_context));
if (key->ecdsa == NULL) {
return SSH_ERROR;
@ -1480,7 +1498,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter)
mbedtls_ecdsa_init(key->ecdsa);
ok = mbedtls_ecdsa_genkey(key->ecdsa,
pki_key_ecdsa_nid_to_mbed_gid(nid),
pki_key_ecdsa_nid_to_mbed_gid(key->ecdsa_nid),
mbedtls_ctr_drbg_random,
ssh_get_mbedtls_ctr_drbg_context());

4
src/server.c
Просмотреть файл

@ -242,7 +242,9 @@ int ssh_get_key_params(ssh_session session, ssh_key *privkey){
case SSH_KEYTYPE_RSA:
*privkey = session->srv.rsa_key;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
*privkey = session->srv.ecdsa_key;
break;
case SSH_KEYTYPE_ED25519:

8
tests/client/torture_knownhosts_verify.c
Просмотреть файл

@ -161,15 +161,15 @@ static void torture_knownhosts_precheck(void **state)
assert_non_null(file);
fprintf(file,
"127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
fprintf(file,
"127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0));
torture_get_testkey_pub(SSH_KEYTYPE_ED25519));
fprintf(file,
"127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, 521));
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA_P521));
fclose(file);
@ -229,7 +229,7 @@ static void torture_knownhosts_other(void **state)
assert_non_null(file);
fprintf(file,
"127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
fclose(file);
rc = ssh_connect(session);

10
tests/server/torture_server.c
Просмотреть файл

@ -109,28 +109,28 @@ static int setup_default_server(void **state)
"%s/sshd/ssh_host_ed25519_key",
s->socket_dir);
torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
#ifdef HAVE_DSA
snprintf(dsa_hostkey,
sizeof(dsa_hostkey),
"%s/sshd/ssh_host_dsa_key",
s->socket_dir);
torture_write_file(dsa_hostkey, torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_write_file(dsa_hostkey, torture_get_testkey(SSH_KEYTYPE_DSS, 0));
#endif /* HAVE_DSA */
snprintf(rsa_hostkey,
sizeof(rsa_hostkey),
"%s/sshd/ssh_host_rsa_key",
s->socket_dir);
torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_write_file(rsa_hostkey, torture_get_testkey(SSH_KEYTYPE_RSA, 0));
snprintf(ecdsa_hostkey,
sizeof(ecdsa_hostkey),
"%s/sshd/ssh_host_ecdsa_key",
s->socket_dir);
torture_write_file(ecdsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_ECDSA, 521, 0));
torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
sftp_server = getenv("TORTURE_SFTP_SERVER");
if (sftp_server == NULL) {
@ -449,7 +449,7 @@ static void torture_server_hostkey_mismatch(void **state)
assert_non_null(file);
fprintf(file,
"127.0.0.10 %s\n",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
fclose(file);
rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);

2
tests/server/torture_server_auth_kbdint.c
Просмотреть файл

@ -551,7 +551,7 @@ static int setup_kbdint_server(void **state)
"%s/sshd/ssh_host_ed25519_key",
s->socket_dir);
torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
/* Create the server state */
ss = (struct server_state_st *)calloc(1, sizeof(struct server_state_st));

13
tests/torture.c
Просмотреть файл

@ -373,7 +373,9 @@ ssh_bind torture_ssh_bind(const char *addr,
case SSH_KEYTYPE_RSA:
opts = SSH_BIND_OPTIONS_RSAKEY;
break;
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521:
opts = SSH_BIND_OPTIONS_ECDSAKEY;
break;
default:
@ -714,16 +716,15 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
if (!written) {
torture_write_file(ed25519_hostkey,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519,
0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
#ifdef HAVE_DSA
torture_write_file(dsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_get_testkey(SSH_KEYTYPE_DSS, 0));
#endif /* HAVE_DSA */
torture_write_file(rsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(ecdsa_hostkey,
torture_get_testkey(SSH_KEYTYPE_ECDSA, 521, 0));
torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
torture_write_file(trusted_ca_pubkey, torture_rsa_certauth_pub);
}

62
tests/torture_key.c
Просмотреть файл

@ -497,7 +497,6 @@ static const char torture_ed25519_public_testkey[] =
"BU6Nh3PmAiqX aris@kalix86";
static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
int bits,
bool with_passphrase,
int pubkey,
int format)
@ -529,35 +528,33 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
return torture_rsa_private_openssh_testkey;
}
return torture_rsa_private_testkey;
case SSH_KEYTYPE_ECDSA:
if (bits == 521) {
if (pubkey) {
return torture_ecdsa521_public_testkey;
} else if (with_passphrase) {
if (format == 1) {
return torture_ecdsa521_private_openssh_testkey_passphrase;
}
return torture_ecdsa521_private_testkey_passphrase;
}
case SSH_KEYTYPE_ECDSA_P521:
if (pubkey) {
return torture_ecdsa521_public_testkey;
} else if (with_passphrase) {
if (format == 1) {
return torture_ecdsa521_private_openssh_testkey;
return torture_ecdsa521_private_openssh_testkey_passphrase;
}
return torture_ecdsa521_private_testkey;
} else if (bits == 384) {
if (pubkey) {
return torture_ecdsa384_public_testkey;
} else if (with_passphrase){
if (format == 1) {
return torture_ecdsa384_private_openssh_testkey_passphrase;
}
return torture_ecdsa384_private_testkey_passphrase;
}
if (format == 1) {
return torture_ecdsa384_private_openssh_testkey;
}
return torture_ecdsa384_private_testkey;
return torture_ecdsa521_private_testkey_passphrase;
}
if (format == 1) {
return torture_ecdsa521_private_openssh_testkey;
}
return torture_ecdsa521_private_testkey;
case SSH_KEYTYPE_ECDSA_P384:
if (pubkey) {
return torture_ecdsa384_public_testkey;
} else if (with_passphrase){
if (format == 1) {
return torture_ecdsa384_private_openssh_testkey_passphrase;
}
return torture_ecdsa384_private_testkey_passphrase;
}
if (format == 1) {
return torture_ecdsa384_private_openssh_testkey;
}
return torture_ecdsa384_private_testkey;
case SSH_KEYTYPE_ECDSA_P256:
if (pubkey) {
return torture_ecdsa256_public_testkey;
} else if (with_passphrase){
@ -590,6 +587,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
case SSH_KEYTYPE_RSA_CERT01:
return torture_rsa_testkey_cert;
case SSH_KEYTYPE_RSA1:
case SSH_KEYTYPE_ECDSA:
case SSH_KEYTYPE_UNKNOWN:
return NULL;
}
@ -599,23 +597,21 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type,
/* Return the encrypted private key in a new OpenSSH format */
const char *torture_get_openssh_testkey(enum ssh_keytypes_e type,
int ecda_bits,
bool with_passphrase)
{
return torture_get_testkey_internal(type, ecda_bits, with_passphrase, 0, 1);
return torture_get_testkey_internal(type, with_passphrase, 0, 1);
}
/* Return the private key in the legacy PEM format */
const char *torture_get_testkey(enum ssh_keytypes_e type,
int ecda_bits,
bool with_passphrase)
{
return torture_get_testkey_internal(type, ecda_bits, with_passphrase, 0, 0);
return torture_get_testkey_internal(type, with_passphrase, 0, 0);
}
const char *torture_get_testkey_pub(enum ssh_keytypes_e type, int ecda_bits)
const char *torture_get_testkey_pub(enum ssh_keytypes_e type)
{
return torture_get_testkey_internal(type, ecda_bits, 0, 1, 0);
return torture_get_testkey_internal(type, 0, 1, 0);
}
const char *torture_get_testkey_passphrase(void)

4
tests/torture_key.h
Просмотреть файл

@ -30,15 +30,13 @@
/* Return the encrypted private key in a new OpenSSH format */
const char *torture_get_openssh_testkey(enum ssh_keytypes_e type,
int ecdsa_bits,
bool with_passphrase);
/* Return the private key in the legacy PEM format */
const char *torture_get_testkey(enum ssh_keytypes_e type,
int ecdsa_bits,
bool with_passphrase);
const char *torture_get_testkey_passphrase(void);
const char *torture_get_testkey_pub(enum ssh_keytypes_e type, int ecdsa_bits);
const char *torture_get_testkey_pub(enum ssh_keytypes_e type);
#endif /* _TORTURE_KEY_H */

8
tests/unittests/torture_bind_config.c
Просмотреть файл

@ -140,17 +140,17 @@ static int setup_config_files(void **state)
/* For ed25519 the test keys are not available in legacy PEM format. Using
* the new OpenSSH format for all algorithms */
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_ED25519_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
#ifdef HAVE_ECC
torture_write_file(LIBSSH_ECDSA_521_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, 521, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
#endif
#ifdef HAVE_DSA
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0));
#endif
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS,

2
tests/unittests/torture_hashes.c
Просмотреть файл

@ -16,7 +16,7 @@ static int setup_rsa_key(void **state)
const char *q;
b64_key = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
b64_key = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
assert_non_null(b64_key);
q = p = b64_key;

16
tests/unittests/torture_keyfiles.c
Просмотреть файл

@ -19,9 +19,9 @@ static int setup_rsa_key(void **state)
unlink(LIBSSH_RSA_TESTKEY ".pub");
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
session = ssh_new();
*state = session;
@ -38,9 +38,9 @@ static int setup_dsa_key(void **state)
unlink(LIBSSH_DSA_TESTKEY ".pub");
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_get_testkey(SSH_KEYTYPE_DSS, 0));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
torture_get_testkey_pub(SSH_KEYTYPE_DSS));
session = ssh_new();
*state = session;
@ -70,15 +70,15 @@ static int setup_both_keys_passphrase(void **state)
ssh_session session;
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1));
torture_get_testkey(SSH_KEYTYPE_RSA, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
#ifdef HAVE_DSA
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1));
torture_get_testkey(SSH_KEYTYPE_DSS, 1));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
torture_get_testkey_pub(SSH_KEYTYPE_DSS));
#endif
session = ssh_new();

2
tests/unittests/torture_knownhosts_parsing.c
Просмотреть файл

@ -132,7 +132,7 @@ static void torture_knownhosts_parse_line_ecdsa(void **state) {
assert_string_equal(entry->hostname, "localhost");
assert_non_null(entry->unparsed);
assert_non_null(entry->publickey);
assert_int_equal(ssh_key_type(entry->publickey), SSH_KEYTYPE_ECDSA);
assert_int_equal(ssh_key_type(entry->publickey), SSH_KEYTYPE_ECDSA_P256);
SSH_KNOWNHOSTS_ENTRY_FREE(entry);
}

14
tests/unittests/torture_options.c
Просмотреть файл

@ -781,17 +781,17 @@ static int ssh_bind_setup_files(void **state)
/* For ed25519 the test keys are not available in legacy PEM format. Using
* the new OpenSSH format for all algorithms */
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_RSA 0));
torture_write_file(LIBSSH_ED25519_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0));
#ifdef HAVE_ECC
torture_write_file(LIBSSH_ECDSA_521_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, 521, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA_P521, 0));
#endif
#ifdef HAVE_DSA
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0));
#endif
torture_write_file(LIBSSH_CUSTOM_BIND_CONFIG_FILE,
"Port 42\n");
@ -867,7 +867,7 @@ static void torture_bind_options_import_key(void **state)
SSH_KEY_FREE(key);
/* set rsa key */
base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0);
base64_key = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key);
assert_int_equal(rc, SSH_OK);
assert_non_null(key);
@ -876,7 +876,7 @@ static void torture_bind_options_import_key(void **state)
assert_int_equal(rc, 0);
#ifdef HAVE_DSA
/* set dsa key */
base64_key = torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0);
base64_key = torture_get_testkey(SSH_KEYTYPE_DSS, 0);
rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key);
assert_int_equal(rc, SSH_OK);
assert_non_null(key);
@ -886,7 +886,7 @@ static void torture_bind_options_import_key(void **state)
#endif
#ifdef HAVE_ECC
/* set ecdsa key */
base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA, 521, 0);
base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA_P521, 0);
rc = ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key);
assert_int_equal(rc, SSH_OK);
assert_non_null(key);

23
tests/unittests/torture_pki.c
Просмотреть файл

@ -57,16 +57,25 @@ struct key_attrs {
};
struct key_attrs key_attrs_list[] = {
{0, 0, "", 0, 0, ""}, /* UNKNOWN */
{0, 0, "", 0, 0, ""}, /* UNKNOWN */
#ifdef HAVE_DSA
{1, 1, "ssh-dss", 1024, 20, "ssh-dss" }, /* DSS */
{1, 1, "ssh-dss", 1024, 20, "ssh-dss" }, /* DSS */
#else
{0, 0, "", 0, 0, ""}, /* DSS */
{0, 0, "", 0, 0, ""}, /* DSS */
#endif
{1, 1, "ssh-rsa", 2048, 20, "ssh-rsa"}, /* RSA */
{0, 0, "", 0, 0, ""}, /* RSA1 */
{1, 1, "ecdsa-sha2-nistp521", 521, 64, "ecdsa-sha2-nistp521"}, /* ECDSA */
{1, 1, "ssh-ed25519", 0, 33, "ssh-ed25519"}, /* ED25519 */
{1, 1, "ssh-rsa", 2048, 20, "ssh-rsa"}, /* RSA */
{0, 0, "", 0, 0, ""}, /* RSA1 */
{0, 0, "", 0, 0, ""}, /* ECDSA */
{1, 1, "ssh-ed25519", 0, 33, "ssh-ed25519"}, /* ED25519 */
#ifdef HAVE_DSA
{0, 0, "", 0, 0, ""}, /* DSS CERT */
#else
{0, 0, "", 0, 0, ""}, /* DSS CERT */
#endif
{0, 0, "", 0, 0, ""}, /* RSA CERT */
{1, 1, "ecdsa-sha2-nistp256", 0, 64, "ecdsa-sha2-nistp256"}, /* ECDSA P256 */
{1, 1, "ecdsa-sha2-nistp384", 0, 64, "ecdsa-sha2-nistp384"}, /* ECDSA P384 */
{1, 1, "ecdsa-sha2-nistp521", 0, 64, "ecdsa-sha2-nistp521"}, /* ECDSA P521 */
};
/* Maps to enum ssh_digest_e */

40
tests/unittests/torture_pki_dsa.c
Просмотреть файл

@ -49,13 +49,13 @@ static int setup_dsa_key(void **state)
printf("Changed directory to: %s\n", tmp_dir);
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_get_testkey(SSH_KEYTYPE_DSS, 0));
torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1));
torture_get_testkey(SSH_KEYTYPE_DSS, 1));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
torture_get_testkey_pub(SSH_KEYTYPE_DSS));
torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0));
torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01));
return 0;
}
@ -85,13 +85,13 @@ static int setup_openssh_dsa_key(void **state)
assert_int_equal(rc, 0);
torture_write_file(LIBSSH_DSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0));
torture_write_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1));
torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 1));
torture_write_file(LIBSSH_DSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
torture_get_testkey_pub(SSH_KEYTYPE_DSS));
torture_write_file(LIBSSH_DSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01, 0));
torture_get_testkey_pub(SSH_KEYTYPE_DSS_CERT01));
return 0;
}
@ -158,7 +158,7 @@ static void torture_pki_dsa_import_privkey_base64(void **state)
(void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0),
passphrase,
NULL,
NULL,
@ -258,7 +258,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
(void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
passphrase,
NULL,
NULL,
@ -272,7 +272,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
SSH_KEY_FREE(key);
/* test if it returns -1 if passphrase is wrong */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
"wrong passphrase !!",
NULL,
NULL,
@ -283,7 +283,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
/* test if it returns -1 if passphrase is NULL */
/* libcrypto asks for a passphrase, so skip this test */
#ifndef HAVE_LIBCRYPTO
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
NULL,
NULL,
NULL,
@ -292,7 +292,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
assert_null(key);
#endif
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
passphrase,
NULL,
NULL,
@ -306,7 +306,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
SSH_KEY_FREE(key);
/* test if it returns -1 if passphrase is wrong */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
"wrong passphrase !!",
NULL,
NULL,
@ -320,7 +320,7 @@ static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
#ifndef HAVE_LIBCRYPTO
/* test if it returns -1 if passphrase is NULL */
/* libcrypto asks for a passphrase, so skip this test */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
NULL,
NULL,
NULL,
@ -343,7 +343,7 @@ torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
(void) state; /* unused */
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 0, 1);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 1);
assert_non_null(keystring);
rc = ssh_pki_import_privkey_base64(keystring,
@ -424,7 +424,7 @@ static void torture_pki_dsa_publickey_from_privatekey(void **state)
(void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0),
passphrase,
NULL,
NULL,
@ -476,7 +476,7 @@ static void torture_pki_dsa_publickey_base64(void **state)
(void) state; /* unused */
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_DSS));
assert_non_null(key_buf);
keylen = strlen(key_buf);
@ -550,8 +550,8 @@ static void torture_pki_dsa_generate_pubkey_from_privkey(void **state)
sizeof(pubkey_generated));
assert_true(rc == 0);
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0),
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_DSS));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_DSS),
pubkey_generated,
len);

114
tests/unittests/torture_pki_ecdsa.c
Просмотреть файл

@ -19,6 +19,7 @@ const unsigned char ECDSA_HASH[] = "12345678901234567890";
struct pki_st {
char *cwd;
char *temp_dir;
enum ssh_keytypes_e type;
};
static int setup_ecdsa_key(void **state, int ecdsa_bits)
@ -47,12 +48,24 @@ static int setup_ecdsa_key(void **state, int ecdsa_bits)
printf("Changed directory to: %s\n", tmp_dir);
switch (ecdsa_bits) {
case 521:
test_state->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 384:
test_state->type = SSH_KEYTYPE_ECDSA_P384;
break;
default:
test_state->type = SSH_KEYTYPE_ECDSA_P256;
break;
}
torture_write_file(LIBSSH_ECDSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0));
torture_get_testkey(test_state->type, 0));
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1));
torture_get_testkey(test_state->type, 1));
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits));
torture_get_testkey_pub(test_state->type));
return 0;
}
@ -84,15 +97,25 @@ static int setup_openssh_ecdsa_key(void **state, int ecdsa_bits)
printf("Changed directory to: %s\n", tmp_dir);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 0);
torture_write_file(LIBSSH_ECDSA_TESTKEY,
keystring);
switch (ecdsa_bits) {
case 521:
test_state->type = SSH_KEYTYPE_ECDSA_P521;
break;
case 384:
test_state->type = SSH_KEYTYPE_ECDSA_P384;
break;
default:
test_state->type = SSH_KEYTYPE_ECDSA_P256;
break;
}
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ECDSA, ecdsa_bits, 1);
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE,
keystring);
keystring = torture_get_openssh_testkey(test_state->type, 0);
torture_write_file(LIBSSH_ECDSA_TESTKEY, keystring);
keystring = torture_get_openssh_testkey(test_state->type, 1);
torture_write_file(LIBSSH_ECDSA_TESTKEY_PASSPHRASE, keystring);
torture_write_file(LIBSSH_ECDSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ECDSA, ecdsa_bits));
torture_get_testkey_pub(test_state->type));
return 0;
}
@ -249,8 +272,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
const char *q = NULL;
ssh_key key = NULL;
int rc;
(void) state; /* unused */
struct pki_st *test_state = *((struct pki_st **)state);
key_buf = torture_pki_read_file(LIBSSH_ECDSA_TESTKEY ".pub");
assert_non_null(key_buf);
@ -262,7 +284,7 @@ static void torture_pki_ecdsa_publickey_base64(void **state)
}
type = ssh_key_type_from_name(q);
assert_true(type == SSH_KEYTYPE_ECDSA);
assert_true(type == test_state->type);
q = ++p;
while (p != NULL && *p != '\0' && *p != ' ') p++;
@ -427,6 +449,24 @@ static void torture_pki_generate_key_ecdsa(void **state)
ssh_session session=ssh_new();
(void) state;
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P256, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
etype_char = ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 256, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
@ -435,15 +475,33 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA);
assert_true(type == SSH_KEYTYPE_ECDSA_P256);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp256") == 0);
etype_char = ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P384, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 384, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
@ -452,15 +510,33 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA);
assert_true(type == SSH_KEYTYPE_ECDSA_P384);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp384") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA_P521, 0, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
sign = pki_do_sign(key, ECDSA_HASH, 20);
assert_non_null(sign);
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);
ssh_signature_free(sign);
SSH_KEY_FREE(key);
/* deprecated */
rc = ssh_pki_generate(SSH_KEYTYPE_ECDSA, 521, &key);
assert_true(rc == SSH_OK);
assert_non_null(key);
@ -469,9 +545,9 @@ static void torture_pki_generate_key_ecdsa(void **state)
rc = pki_signature_verify(session,sign,key,ECDSA_HASH,20);
assert_true(rc == SSH_OK);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_ECDSA);
assert_true(type == SSH_KEYTYPE_ECDSA_P521);
type_char = ssh_key_type_to_char(type);
assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
assert_true(strcmp(type_char, "ecdsa-sha2-nistp521") == 0);
etype_char =ssh_pki_key_ecdsa_name(key);
assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);

27
tests/unittests/torture_pki_ed25519.c
Просмотреть файл

@ -52,13 +52,13 @@ static int setup_ed25519_key(void **state)
printf("Changed directory to: %s\n", tmp_dir);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0);
torture_write_file(LIBSSH_ED25519_TESTKEY, keystring);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 1);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 1);
torture_write_file(LIBSSH_ED25519_TESTKEY_PASSPHRASE, keystring);
torture_write_file(LIBSSH_ED25519_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_ED25519,0));
torture_get_testkey_pub(SSH_KEYTYPE_ED25519));
return 0;
}
@ -158,7 +158,6 @@ static void torture_pki_ed25519_import_export_privkey_base64(void **state)
(void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_openssh_testkey(SSH_KEYTYPE_ED25519,
0,
false),
passphrase,
NULL,
@ -210,7 +209,7 @@ static void torture_pki_ed25519_publickey_from_privatekey(void **state)
(void) state; /* unused */
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0);
rc = ssh_pki_import_privkey_base64(keystring,
passphrase,
NULL,
@ -240,7 +239,7 @@ static void torture_pki_ed25519_publickey_base64(void **state)
(void) state; /* unused */
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0));
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_ED25519));
assert_non_null(key_buf);
q = p = key_buf;
@ -305,8 +304,8 @@ static void torture_pki_ed25519_generate_pubkey_from_privkey(void **state)
sizeof(pubkey_generated));
assert_true(rc == 0);
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0),
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_ED25519));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_ED25519),
pubkey_generated,
len);
@ -469,7 +468,7 @@ static void torture_pki_ed25519_sign(void **state)
sig = ssh_signature_new();
assert_non_null(sig);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 0);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0);
rc = ssh_pki_import_privkey_base64(keystring,
NULL,
NULL,
@ -498,7 +497,7 @@ static void torture_pki_ed25519_verify(void **state){
ssh_key pubkey = NULL;
ssh_signature sig = NULL;
ssh_string blob = ssh_string_new(ED25519_SIG_LEN);
char *pkey_ptr = strdup(strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519,0), ' ') + 1);
char *pkey_ptr = strdup(strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519), ' ') + 1);
char *ptr = NULL;
int rc;
(void) state;
@ -531,7 +530,7 @@ static void torture_pki_ed25519_verify_bad(void **state){
ssh_key pubkey = NULL;
ssh_signature sig = NULL;
ssh_string blob = ssh_string_new(ED25519_SIG_LEN);
char *pkey_ptr = strdup(strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519,0), ' ') + 1);
char *pkey_ptr = strdup(strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519), ' ') + 1);
char *ptr = NULL;
int rc;
int i;
@ -574,7 +573,7 @@ static void torture_pki_ed25519_import_privkey_base64_passphrase(void **state)
(void) state; /* unused */
/* same for ED25519 */
testkey = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 1);
testkey = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 1);
rc = ssh_pki_import_privkey_base64(testkey,
passphrase,
NULL,
@ -608,7 +607,7 @@ static void torture_pki_ed25519_privkey_dup(void **state)
(void) state; /* unused */
testkey = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 0, 1);
testkey = torture_get_openssh_testkey(SSH_KEYTYPE_ED25519, 1);
rc = ssh_pki_import_privkey_base64(testkey,
passphrase,
NULL,
@ -631,7 +630,7 @@ static void torture_pki_ed25519_pubkey_dup(void **state)
{
ssh_key pubkey = NULL;
ssh_key dup = NULL;
const char *p = strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519, 0), ' ');
const char *p = strchr(torture_get_testkey_pub(SSH_KEYTYPE_ED25519), ' ');
char *pub_str = NULL;
char *q = NULL;
int rc;

36
tests/unittests/torture_pki_rsa.c
Просмотреть файл

@ -52,13 +52,13 @@ static int setup_rsa_key(void **state)
printf("Changed directory to: %s\n", tmp_dir);
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1));
torture_get_testkey(SSH_KEYTYPE_RSA, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01));
return 0;
}
@ -88,13 +88,13 @@ static int setup_openssh_rsa_key(void **state)
assert_int_equal(rc, 0);
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1));
torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01));
return 0;
}
@ -161,7 +161,7 @@ static void torture_pki_rsa_import_privkey_base64_NULL_key(void **state)
(void) state; /* unused */
/* test if it returns -1 if key is NULL */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0),
passphrase,
NULL,
NULL,
@ -224,7 +224,7 @@ static void torture_pki_rsa_publickey_from_privatekey(void **state)
(void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0),
passphrase,
NULL,
NULL,
@ -266,7 +266,7 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
assert_true(rc == SSH_OK);
assert_non_null(pubkey);
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0),
passphrase,
NULL,
NULL,
@ -333,7 +333,7 @@ static void torture_pki_rsa_publickey_base64(void **state)
(void) state; /* unused */
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
assert_non_null(key_buf);
q = p = key_buf;
@ -398,8 +398,8 @@ static void torture_pki_rsa_generate_pubkey_from_privkey(void **state) {
sizeof(pubkey_generated));
assert_true(rc == 0);
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0),
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_RSA),
pubkey_generated,
len);
@ -641,7 +641,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
(void) state; /* unused */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 1),
passphrase,
NULL,
NULL,
@ -655,7 +655,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
SSH_KEY_FREE(key);
/* test if it returns -1 if passphrase is wrong */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 1),
"wrong passphrase !!",
NULL,
NULL,
@ -666,7 +666,7 @@ static void torture_pki_rsa_import_privkey_base64_passphrase(void **state)
#ifndef HAVE_LIBCRYPTO
/* test if it returns -1 if passphrase is NULL */
/* libcrypto asks for a passphrase, so skip this test */
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1),
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_RSA, 1),
NULL,
NULL,
NULL,
@ -686,7 +686,7 @@ torture_pki_rsa_import_openssh_privkey_base64_passphrase(void **state)
(void) state; /* unused */
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 0, 1);
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_RSA, 1);
assert_non_null(keystring);
rc = ssh_pki_import_privkey_base64(keystring,

4
tests/unittests/torture_server_x11.c
Просмотреть файл

@ -40,8 +40,8 @@ static int setup(void **state) {
assert_return_code(h->fd, errno);
close(h->fd);
h->key_type = SSH_KEYTYPE_ECDSA;
h->hostkey = torture_get_testkey(h->key_type, 0, 0);
h->key_type = SSH_KEYTYPE_ECDSA_P256;
h->hostkey = torture_get_testkey(h->key_type, 0);
torture_write_file(h->hostkey_path, h->hostkey);

18
tests/unittests/torture_threads_pki_rsa.c
Просмотреть файл

@ -98,13 +98,13 @@ static int setup_rsa_key(void **state)
printf("Changed directory to: %s\n", tmp_dir);
torture_write_file(LIBSSH_RSA_TESTKEY,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0));
torture_get_testkey(SSH_KEYTYPE_RSA, 0));
torture_write_file(LIBSSH_RSA_TESTKEY_PASSPHRASE,
torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1));
torture_get_testkey(SSH_KEYTYPE_RSA, 1));
torture_write_file(LIBSSH_RSA_TESTKEY ".pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA));
torture_write_file(LIBSSH_RSA_TESTKEY "-cert.pub",
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01, 0));
torture_get_testkey_pub(SSH_KEYTYPE_RSA_CERT01));
return 0;
}
@ -201,7 +201,7 @@ static void *thread_pki_rsa_import_privkey_base64_NULL_key(void *threadid)
(void) threadid; /* unused */
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0);
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
assert_non_null(testkey);
/* test if it returns -1 if key is NULL */
@ -306,7 +306,7 @@ static void *thread_pki_rsa_publickey_from_privatekey(void *threadid)
(void) threadid; /* unused */
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0);
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
rc = ssh_pki_import_privkey_base64(testkey,
passphrase,
NULL,
@ -362,7 +362,7 @@ static void *thread_pki_rsa_copy_cert_to_privkey(void *threadid)
assert_true(rc == SSH_OK);
assert_non_null(pubkey);
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 0);
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0);
assert_non_null(testkey);
rc = ssh_pki_import_privkey_base64(testkey,
@ -454,7 +454,7 @@ static void *thread_pki_rsa_publickey_base64(void *threadid)
(void) threadid; /* unused */
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0));
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_RSA));
assert_non_null(key_buf);
q = p = key_buf;
@ -636,7 +636,7 @@ static void *thread_pki_rsa_import_privkey_base64_passphrase(void *threadid)
(void) threadid; /* unused */
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 0, 1);
testkey = torture_get_testkey(SSH_KEYTYPE_RSA, 1);
assert_non_null(testkey);
rc = ssh_pki_import_privkey_base64(testkey,