1
1
Граф коммитов

30 Коммитов

Автор SHA1 Сообщение Дата
Jakub Jelen
17a531d2af tests: Skip 1k RSA key generation in FIPS
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-21 08:58:21 +02:00
Jakub Jelen
d5095a55b9 tests: Add reproducer for T76
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-06-19 18:01:36 +02:00
Anderson Toshiyuki Sasaki
bb36cc30ee tests/torture_pki_rsa: Avoid using SHA1 in FIPS mode
Do not use SHA1 in signatures in FIPS mode.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 16:29:32 +02:00
Jakub Jelen
9f178be1fa tests: Cover comparison of public keys, which was missing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-06-13 11:00:56 +02:00
Anderson Toshiyuki Sasaki
248e5acd5c pki: Fail to sign when using wrong hash algorithm
Do not allow using SSH_DIGEST_AUTO for any algorithm other than
ed25519.

Do not allow using incompatible hash algorithms when signing or
verifying signatures.

Added negative tests for all combinations of signature and hash
algorithms.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
d923dc39c1 tests: Use public key to verify signatures
Previously in the tests the private key structure would be used for
signature verification.  Use the corresponding public key instead.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
88a8b1f57c pki_gcrypt: Added pki_sign_data() and pki_verify_data_signature()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
7bc53f3957 pki_mbedcrypto: Added pki_sign_data() and pki_verify_data_signature()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
fd9446553b pki_crypto: Added pki_sign_data() and pki_verify_data_signature()
pki_sign_data() uses the given private key and hash algorithm to sign
the data using the OpenSSL EVP interface.  The corresponding function
pki_verify_data_signature() receives the signature, the signed data, and
the public key to verify the signature.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Anderson Toshiyuki Sasaki
76f9808eb2 auth, pki: Calculate hash internally when signing/verifying
This makes pki_do_sign() and pki_signature_verify() to receive the
original input instead of the pre-calculated hash.  The hash is then
calculated internally.

The hash to be used inside the signature is decided earlier, when all
the information about the signature to be generated/verified is
available.

Simplify ssh_pki_do_sign() and ssh_srv_pki_do_sign_sessionid().

The tests were modified to use pki_do_sign() instead of
pki_do_sign_hash().

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-05-13 16:37:51 +02:00
Ben Toews
4a01496810 tests/unittests: test that signatures can be verified with certs
Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:42 +02:00
Ben Toews
b1f3cfec34 libssh: deprecate SSH_KEYTYPE_ECDSA
This type is imprecise. We often need the ecdsa_nid in addition to the key type
in order to do anything. We replace this singluar ECDSA type with one type per
curve.

Signed-off-by: Ben Toews <mastahyeti@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-04-17 10:21:42 +02:00
Anderson Toshiyuki Sasaki
9c5a1967c3 tests: Add NULL checks in pki tests
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
603b6d7222 tests: Prefer assert_non_null over assert_true
This also replaces some occurrences of assert_true with assert_null.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 13:56:22 +01:00
Anderson Toshiyuki Sasaki
f38c6fcc6e tests: Use temporary directories in torture_pki_rsa.c
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-28 15:51:06 +01:00
Andreas Schneider
8c77a49729 tests: Fix pointer arithmetic in torture_pki_*_publickey_base64
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-24 09:48:35 +02:00
Anderson Toshiyuki Sasaki
2eaa23a20e tests: Replace ssh_key_free() with SSH_KEY_FREE()
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-27 15:21:30 +02:00
Anderson Toshiyuki Sasaki
143b5e2e50 tests: Use SSH_STRING_FREE_CHAR
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-27 15:21:30 +02:00
Anderson Toshiyuki Sasaki
8170e30073 tests: Add null checks in torture_pki_rsa.c
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 10:19:59 +02:00
Jakub Jelen
39975fdd6d tests: Verify we can read public key from OpenSSH container
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
eaaa4131de tests: Verify the keys loaded from new OpenSSH format
This runs the same test that are ran on the legacy PEM files
also with the new OpenSSH key files.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
945469c9e0 tests: SHA2 extension signatures
This introduces a new test case for RSA unit tests, verifying that
libraries are able to provide and verify the RSA signatures with
SHA2 hash algorithms.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-31 14:18:34 +02:00
Andreas Schneider
1e89896d05 tests: Make sure pointer are initialized in torture_pki_rsa
Fixes compiler warnings.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-20 18:42:03 +02:00
Andreas Schneider
67ef808a95 tests: Add additional NULL check in torture_pki_rsa_write_privkey()
CID 1393904
CID 1393903

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-06 08:50:11 +02:00
Andreas Schneider
206f3ff895 Rest in Peace SSHv1
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-06-29 14:41:14 +02:00
Andreas Schneider
1444ae5add pki: Fix random memory corruption
Fixes T78

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-06-29 09:30:59 +02:00
Andreas Schneider
f7a2330de7 torture_pki_rsa: Add tests for private key with passphrase
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
67b8f3d6df pki_crypto: Fix private key generation with password
We need to specify a cipher when we generate a key with a password.
OpenSSH uses aes_128_cbc, so we should use the same.

Thanks to Julian Lunz for the report.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
b0af812710 tests: Move torture keys to own file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00
Andreas Schneider
ddfc36aa56 tests: Move rsa tests to own test file
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-01-10 22:31:02 +01:00