static void torture_pki_import_privkey_base64_ECDSA(void **state) {
int rc;
char *key_str;
ssh_key key;
const char *passphrase = LIBSSH_PASSPHRASE;
(void) state; /* unused */
key_str = read_file(LIBSSH_ECDSA_TESTKEY);
assert_true(key_str != NULL);
rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
assert_true(rc == 0);
free(key_str);
ssh_key_free(key);
}
static void torture_pki_import_privkey_base64_NULL_str(void **state) {
int rc;
char *key_str;
ssh_key key = NULL;
const char *passphrase = LIBSSH_PASSPHRASE;
(void) state; /* unused */
key_str = read_file(LIBSSH_RSA_TESTKEY);
assert_true(key_str != NULL);
/* test if it returns -1 if key_str is NULL */
rc = ssh_pki_import_privkey_base64(NULL, passphrase, NULL, NULL, &key);
assert_true(rc == -1);
free(key_str);
ssh_key_free(key);
}
static void torture_pki_import_privkey_base64_passphrase(void **state) {
int rc;
char *key_str;
ssh_key key = NULL;
const char *passphrase = LIBSSH_PASSPHRASE;
(void) state; /* unused */
key_str = read_file(LIBSSH_RSA_TESTKEY);
assert_true(key_str != NULL);
rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
assert_true(rc == 0);
ssh_key_free(key);
/* test if it returns -1 if passphrase is wrong */
rc = ssh_pki_import_privkey_base64(key_str, "wrong passphrase !!", NULL,
NULL, &key);
assert_true(rc == -1);
#ifndef HAVE_LIBCRYPTO
/* test if it returns -1 if passphrase is NULL */
/* libcrypto asks for a passphrase, so skip this test */
rc = ssh_pki_import_privkey_base64(key_str, NULL, NULL, NULL, &key);
assert_true(rc == -1);
#endif
free(key_str);
/* same for DSA */
key_str = read_file(LIBSSH_DSA_TESTKEY);
assert_true(key_str != NULL);
rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
assert_true(rc == 0);
ssh_key_free(key);
/* test if it returns -1 if passphrase is wrong */
rc = ssh_pki_import_privkey_base64(key_str, "wrong passphrase !!", NULL, NULL, &key);
assert_true(rc == -1);
#ifndef HAVE_LIBCRYPTO
/* test if it returns -1 if passphrase is NULL */
/* libcrypto asks for a passphrase, so skip this test */
rc = ssh_pki_import_privkey_base64(key_str, NULL, NULL, NULL, &key);
assert_true(rc == -1);
#endif
free(key_str);
}
static void torture_pki_publickey_from_privatekey_ECDSA(void **state) {
int rc;
char *key_str;
ssh_key key;
ssh_key pubkey;
const char *passphrase = NULL;
(void) state; /* unused */
key_str = read_file(LIBSSH_ECDSA_TESTKEY);
assert_true(key_str != NULL);
rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
assert_true(rc == 0);
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
assert_true(rc == SSH_OK);
free(key_str);
ssh_key_free(key);
ssh_key_free(pubkey);
}
static void torture_pki_import_privkey_base64_RSA(void **state) {
int rc;
char *key_str;
ssh_key key;
const char *passphrase = LIBSSH_PASSPHRASE;
enum ssh_keytypes_e type;
(void) state; /* unused */
key_str = read_file(LIBSSH_RSA_TESTKEY);
assert_true(key_str != NULL);
rc = ssh_pki_import_privkey_base64(key_str, passphrase, NULL, NULL, &key);
assert_true(rc == 0);
type = ssh_key_type(key);
assert_true(type == SSH_KEYTYPE_RSA);
rc = ssh_key_is_public(key);
assert_true(rc == 1);
free(key_str);
ssh_key_free(key);
}
/**
* @brief Import a key from a file.
*
* @param[in] filename The filename of the the private key.
*
* @param[in] passphrase The passphrase to decrypt the private key. Set to NULL
* if none is needed or it is unknown.
*
* @param[in] auth_fn An auth function you may want to use or NULL.
*
* @param[in] auth_data Private data passed to the auth function.
*
* @param[out] pkey A pointer to store the allocated ssh_key. You need to
* free the key.
*
* @returns SSH_OK on success, SSH_EOF if the file doesn't exist or permission
* denied, SSH_ERROR otherwise.
*
* @see ssh_key_free()
**/
int ssh_pki_import_privkey_file(const char *filename,
const char *passphrase,
ssh_auth_callback auth_fn,
void *auth_data,
ssh_key *pkey) {
struct stat sb;
char *key_buf;
FILE *file;
off_t size;
int rc;
if (pkey == NULL || filename == NULL || *filename == '\0') {
return SSH_ERROR;
}
file = fopen(filename, "rb");
if (file == NULL) {
SSH_LOG(SSH_LOG_WARN,
"Error opening %s: %s",
filename,
strerror(errno));
return SSH_EOF;
}
rc = fstat(fileno(file), &sb);
if (rc < 0) {
fclose(file);
SSH_LOG(SSH_LOG_WARN,
"Error getting stat of %s: %s",
filename,
strerror(errno));
switch (errno) {
case ENOENT:
case EACCES:
return SSH_EOF;
}
return SSH_ERROR;
}
if (sb.st_size > MAX_PRIVKEY_SIZE) {
SSH_LOG(SSH_LOG_WARN,
"Private key is bigger than 4M.");
fclose(file);
return SSH_ERROR;
}
key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) {
fclose(file);
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
return SSH_ERROR;
}
size = fread(key_buf, 1, sb.st_size, file);
fclose(file);
if (size != sb.st_size) {
SAFE_FREE(key_buf);
SSH_LOG(SSH_LOG_WARN,
"Error reading %s: %s",
filename,
strerror(errno));
return SSH_ERROR;
}
key_buf[size] = 0;
rc = ssh_pki_import_privkey_base64(key_buf,
passphrase,
auth_fn,
auth_data,
pkey);
SAFE_FREE(key_buf);
return rc;
}
