void
sshkey_tests(void)
{
struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *ke, *kf;
struct sshbuf *b;
TEST_START("new invalid");
k1 = sshkey_new(-42);
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
TEST_START("new/free KEY_UNSPEC");
k1 = sshkey_new(KEY_UNSPEC);
ASSERT_PTR_NE(k1, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new/free KEY_RSA1");
k1 = sshkey_new(KEY_RSA1);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->rsa, NULL);
ASSERT_PTR_NE(k1->rsa->n, NULL);
ASSERT_PTR_NE(k1->rsa->e, NULL);
ASSERT_PTR_EQ(k1->rsa->p, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new/free KEY_RSA");
k1 = sshkey_new(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->rsa, NULL);
ASSERT_PTR_NE(k1->rsa->n, NULL);
ASSERT_PTR_NE(k1->rsa->e, NULL);
ASSERT_PTR_EQ(k1->rsa->p, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new/free KEY_DSA");
k1 = sshkey_new(KEY_DSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL);
ASSERT_PTR_NE(k1->dsa->g, NULL);
ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new/free KEY_ECDSA");
k1 = sshkey_new(KEY_ECDSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_EQ(k1->ecdsa, NULL); /* Can't allocate without NID */
sshkey_free(k1);
TEST_DONE();
TEST_START("new/free KEY_ED25519");
k1 = sshkey_new(KEY_ED25519);
ASSERT_PTR_NE(k1, NULL);
/* These should be blank until key loaded or generated */
ASSERT_PTR_EQ(k1->ed25519_sk, NULL);
ASSERT_PTR_EQ(k1->ed25519_pk, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new_private KEY_RSA");
k1 = sshkey_new_private(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->rsa, NULL);
ASSERT_PTR_NE(k1->rsa->n, NULL);
ASSERT_PTR_NE(k1->rsa->e, NULL);
ASSERT_PTR_NE(k1->rsa->p, NULL);
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
sshkey_free(k1);
TEST_DONE();
TEST_START("new_private KEY_DSA");
k1 = sshkey_new_private(KEY_DSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL);
ASSERT_PTR_NE(k1->dsa->g, NULL);
ASSERT_PTR_NE(k1->dsa->priv_key, NULL);
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
sshkey_free(k1);
TEST_DONE();
TEST_START("generate KEY_RSA too small modulus");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
TEST_START("generate KEY_RSA too large modulus");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1 << 20, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
TEST_START("generate KEY_DSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("generate KEY_ECDSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("generate KEY_RSA");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 768, &kr), 0);
ASSERT_PTR_NE(kr, NULL);
ASSERT_PTR_NE(kr->rsa, NULL);
ASSERT_PTR_NE(kr->rsa->n, NULL);
ASSERT_PTR_NE(kr->rsa->e, NULL);
ASSERT_PTR_NE(kr->rsa->p, NULL);
ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 768);
TEST_DONE();
TEST_START("generate KEY_DSA");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
ASSERT_PTR_NE(kd, NULL);
ASSERT_PTR_NE(kd->dsa, NULL);
ASSERT_PTR_NE(kd->dsa->g, NULL);
ASSERT_PTR_NE(kd->dsa->priv_key, NULL);
TEST_DONE();
TEST_START("generate KEY_ECDSA");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
ASSERT_PTR_NE(ke, NULL);
ASSERT_PTR_NE(ke->ecdsa, NULL);
ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);
ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL);
TEST_DONE();
TEST_START("generate KEY_ED25519");
ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0);
ASSERT_PTR_NE(kf, NULL);
ASSERT_INT_EQ(kf->type, KEY_ED25519);
ASSERT_PTR_NE(kf->ed25519_pk, NULL);
ASSERT_PTR_NE(kf->ed25519_sk, NULL);
TEST_DONE();
TEST_START("demote KEY_RSA");
ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(kr, k1);
ASSERT_INT_EQ(k1->type, KEY_RSA);
ASSERT_PTR_NE(k1->rsa, NULL);
ASSERT_PTR_NE(k1->rsa->n, NULL);
ASSERT_PTR_NE(k1->rsa->e, NULL);
ASSERT_PTR_EQ(k1->rsa->p, NULL);
TEST_DONE();
TEST_START("equal KEY_RSA/demoted KEY_RSA");
ASSERT_INT_EQ(sshkey_equal(kr, k1), 1);
sshkey_free(k1);
TEST_DONE();
TEST_START("demote KEY_DSA");
ASSERT_INT_EQ(sshkey_demote(kd, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(kd, k1);
ASSERT_INT_EQ(k1->type, KEY_DSA);
ASSERT_PTR_NE(k1->dsa, NULL);
ASSERT_PTR_NE(k1->dsa->g, NULL);
ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
TEST_DONE();
TEST_START("equal KEY_DSA/demoted KEY_DSA");
ASSERT_INT_EQ(sshkey_equal(kd, k1), 1);
sshkey_free(k1);
TEST_DONE();
TEST_START("demote KEY_ECDSA");
ASSERT_INT_EQ(sshkey_demote(ke, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(ke, k1);
ASSERT_INT_EQ(k1->type, KEY_ECDSA);
ASSERT_PTR_NE(k1->ecdsa, NULL);
ASSERT_INT_EQ(k1->ecdsa_nid, ke->ecdsa_nid);
ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);
ASSERT_PTR_EQ(EC_KEY_get0_private_key(k1->ecdsa), NULL);
TEST_DONE();
TEST_START("equal KEY_ECDSA/demoted KEY_ECDSA");
ASSERT_INT_EQ(sshkey_equal(ke, k1), 1);
sshkey_free(k1);
TEST_DONE();
TEST_START("demote KEY_ED25519");
ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(kf, k1);
ASSERT_INT_EQ(k1->type, KEY_ED25519);
ASSERT_PTR_NE(k1->ed25519_pk, NULL);
ASSERT_PTR_EQ(k1->ed25519_sk, NULL);
TEST_DONE();
TEST_START("equal KEY_ED25519/demoted KEY_ED25519");
ASSERT_INT_EQ(sshkey_equal(kf, k1), 1);
sshkey_free(k1);
TEST_DONE();
TEST_START("equal mismatched key types");
ASSERT_INT_EQ(sshkey_equal(kd, kr), 0);
ASSERT_INT_EQ(sshkey_equal(kd, ke), 0);
ASSERT_INT_EQ(sshkey_equal(kr, ke), 0);
ASSERT_INT_EQ(sshkey_equal(ke, kf), 0);
ASSERT_INT_EQ(sshkey_equal(kd, kf), 0);
TEST_DONE();
TEST_START("equal different keys");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 768, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kr, k1), 0);
sshkey_free(k1);
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kd, k1), 0);
sshkey_free(k1);
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(ke, k1), 0);
sshkey_free(k1);
ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kf, k1), 0);
sshkey_free(k1);
TEST_DONE();
sshkey_free(kr);
sshkey_free(kd);
sshkey_free(ke);
sshkey_free(kf);
/* XXX certify test */
/* XXX sign test */
/* XXX verify test */
TEST_START("nested certificate");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
NULL), 0);
b = load_file("rsa_2");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", "rsa_1",
&k3, NULL), 0);
sshbuf_reset(b);
build_cert(b, k2, "*****@*****.**", k3, k1);
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4),
SSH_ERR_KEY_CERT_INVALID_SIGN_KEY);
ASSERT_PTR_EQ(k4, NULL);
sshbuf_free(b);
sshkey_free(k1);
sshkey_free(k2);
sshkey_free(k3);
TEST_DONE();
}
void
sshkey_file_tests(void)
{
struct sshkey *k1, *k2;
struct sshbuf *buf, *pw;
BIGNUM *a, *b, *c;
char *cp;
TEST_START("load passphrase");
pw = load_text_file("pw");
TEST_DONE();
TEST_START("parse RSA1 from private");
buf = load_file("rsa1_1");
ASSERT_INT_EQ(sshkey_parse_private(buf, "", "rsa1_1", &k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
a = load_bignum("rsa1_1.param.n");
ASSERT_BIGNUM_EQ(k1->rsa->n, a);
BN_free(a);
TEST_DONE();
TEST_START("parse RSA from private w/ passphrase");
buf = load_file("rsa1_1_pw");
ASSERT_INT_EQ(sshkey_parse_private(buf, sshbuf_ptr(pw), "rsa1_1_pw",
&k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load RSA from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("RSA key hex fingerprint");
buf = load_text_file("rsa1_1.fp");
cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("RSA key bubblebabble fingerprint");
buf = load_text_file("rsa1_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
TEST_START("parse RSA from private");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private(buf, "", "rsa_1", &k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
a = load_bignum("rsa_1.param.n");
b = load_bignum("rsa_1.param.p");
c = load_bignum("rsa_1.param.q");
ASSERT_BIGNUM_EQ(k1->rsa->n, a);
ASSERT_BIGNUM_EQ(k1->rsa->p, b);
ASSERT_BIGNUM_EQ(k1->rsa->q, c);
BN_free(a);
BN_free(b);
BN_free(c);
TEST_DONE();
TEST_START("parse RSA from private w/ passphrase");
buf = load_file("rsa_1_pw");
ASSERT_INT_EQ(sshkey_parse_private(buf, sshbuf_ptr(pw), "rsa_1_pw",
&k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load RSA from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("RSA key hex fingerprint");
buf = load_text_file("rsa_1.fp");
cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("RSA key bubblebabble fingerprint");
buf = load_text_file("rsa_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
TEST_START("parse DSA from private");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private(buf, "", "dsa_1", &k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
a = load_bignum("dsa_1.param.g");
b = load_bignum("dsa_1.param.priv");
c = load_bignum("dsa_1.param.pub");
ASSERT_BIGNUM_EQ(k1->dsa->g, a);
ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b);
ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c);
BN_free(a);
BN_free(b);
BN_free(c);
TEST_DONE();
TEST_START("parse DSA from private w/ passphrase");
buf = load_file("dsa_1_pw");
ASSERT_INT_EQ(sshkey_parse_private(buf, sshbuf_ptr(pw), "dsa_1_pw",
&k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load DSA from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("DSA key hex fingerprint");
buf = load_text_file("dsa_1.fp");
cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("DSA key bubblebabble fingerprint");
buf = load_text_file("dsa_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
TEST_START("parse ECDSA from private");
buf = load_file("ecdsa_1");
ASSERT_INT_EQ(sshkey_parse_private(buf, "", "ecdsa_1", &k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
buf = load_text_file("ecdsa_1.param.curve");
ASSERT_STRING_EQ(sshbuf_ptr(buf), OBJ_nid2sn(k1->ecdsa_nid));
sshbuf_free(buf);
a = load_bignum("ecdsa_1.param.priv");
b = load_bignum("ecdsa_1.param.pub");
c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa),
EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED,
NULL, NULL);
ASSERT_PTR_NE(c, NULL);
ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a);
ASSERT_BIGNUM_EQ(b, c);
BN_free(a);
BN_free(b);
BN_free(c);
TEST_DONE();
TEST_START("parse ECDSA from private w/ passphrase");
buf = load_file("ecdsa_1_pw");
ASSERT_INT_EQ(sshkey_parse_private(buf, sshbuf_ptr(pw), "ecdsa_1_pw",
&k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load ECDSA from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("ECDSA key hex fingerprint");
buf = load_text_file("ecdsa_1.fp");
cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("ECDSA key bubblebabble fingerprint");
buf = load_text_file("ecdsa_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
sshbuf_free(pw);
}
void
sshkey_file_tests(void)
{
struct sshkey *k1, *k2;
struct sshbuf *buf, *pw;
BIGNUM *a, *b, *c;
char *cp;
TEST_START("load passphrase");
pw = load_text_file("pw");
TEST_DONE();
#ifdef WITH_SSH1
TEST_START("parse RSA1 from private");
buf = load_file("rsa1_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1",
&k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
a = load_bignum("rsa1_1.param.n");
ASSERT_BIGNUM_EQ(k1->rsa->n, a);
BN_free(a);
TEST_DONE();
TEST_START("parse RSA1 from private w/ passphrase");
buf = load_file("rsa1_1_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
(const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load RSA1 from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("RSA1 key hex fingerprint");
buf = load_text_file("rsa1_1.fp");
cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("RSA1 key bubblebabble fingerprint");
buf = load_text_file("rsa1_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
#endif
TEST_START("parse RSA from private");
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1",
&k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
a = load_bignum("rsa_1.param.n");
b = load_bignum("rsa_1.param.p");
c = load_bignum("rsa_1.param.q");
ASSERT_BIGNUM_EQ(k1->rsa->n, a);
ASSERT_BIGNUM_EQ(k1->rsa->p, b);
ASSERT_BIGNUM_EQ(k1->rsa->q, c);
BN_free(a);
BN_free(b);
BN_free(c);
TEST_DONE();
TEST_START("parse RSA from private w/ passphrase");
buf = load_file("rsa_1_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
(const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("parse RSA from new-format");
buf = load_file("rsa_n");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
"", "rsa_n", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("parse RSA from new-format w/ passphrase");
buf = load_file("rsa_n_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
(const char *)sshbuf_ptr(pw), "rsa_n_pw", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load RSA from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load RSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
TEST_DONE();
TEST_START("RSA key hex fingerprint");
buf = load_text_file("rsa_1.fp");
cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("RSA cert hex fingerprint");
buf = load_text_file("rsa_1-cert.fp");
cp = sshkey_fingerprint(k2, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
sshkey_free(k2);
TEST_DONE();
TEST_START("RSA key bubblebabble fingerprint");
buf = load_text_file("rsa_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
TEST_START("parse DSA from private");
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "dsa_1",
&k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
a = load_bignum("dsa_1.param.g");
b = load_bignum("dsa_1.param.priv");
c = load_bignum("dsa_1.param.pub");
ASSERT_BIGNUM_EQ(k1->dsa->g, a);
ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b);
ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c);
BN_free(a);
BN_free(b);
BN_free(c);
TEST_DONE();
TEST_START("parse DSA from private w/ passphrase");
buf = load_file("dsa_1_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
(const char *)sshbuf_ptr(pw), "dsa_1_pw", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("parse DSA from new-format");
buf = load_file("dsa_n");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
"", "dsa_n", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("parse DSA from new-format w/ passphrase");
buf = load_file("dsa_n_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
(const char *)sshbuf_ptr(pw), "dsa_n_pw", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load DSA from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load DSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(k2->type, KEY_DSA_CERT);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
TEST_DONE();
TEST_START("DSA key hex fingerprint");
buf = load_text_file("dsa_1.fp");
cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("DSA cert hex fingerprint");
buf = load_text_file("dsa_1-cert.fp");
cp = sshkey_fingerprint(k2, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
sshkey_free(k2);
TEST_DONE();
TEST_START("DSA key bubblebabble fingerprint");
buf = load_text_file("dsa_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
#ifdef OPENSSL_HAS_ECC
TEST_START("parse ECDSA from private");
buf = load_file("ecdsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ecdsa_1",
&k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
buf = load_text_file("ecdsa_1.param.curve");
ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf),
OBJ_nid2sn(k1->ecdsa_nid));
sshbuf_free(buf);
a = load_bignum("ecdsa_1.param.priv");
b = load_bignum("ecdsa_1.param.pub");
c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa),
EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED,
NULL, NULL);
ASSERT_PTR_NE(c, NULL);
ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a);
ASSERT_BIGNUM_EQ(b, c);
BN_free(a);
BN_free(b);
BN_free(c);
TEST_DONE();
TEST_START("parse ECDSA from private w/ passphrase");
buf = load_file("ecdsa_1_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
(const char *)sshbuf_ptr(pw), "ecdsa_1_pw", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("parse ECDSA from new-format");
buf = load_file("ecdsa_n");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
"", "ecdsa_n", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("parse ECDSA from new-format w/ passphrase");
buf = load_file("ecdsa_n_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
(const char *)sshbuf_ptr(pw), "ecdsa_n_pw", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load ECDSA from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load ECDSA cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
TEST_DONE();
TEST_START("ECDSA key hex fingerprint");
buf = load_text_file("ecdsa_1.fp");
cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("ECDSA cert hex fingerprint");
buf = load_text_file("ecdsa_1-cert.fp");
cp = sshkey_fingerprint(k2, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
sshkey_free(k2);
TEST_DONE();
TEST_START("ECDSA key bubblebabble fingerprint");
buf = load_text_file("ecdsa_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
#endif /* OPENSSL_HAS_ECC */
TEST_START("parse Ed25519 from private");
buf = load_file("ed25519_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ed25519_1",
&k1, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k1, NULL);
ASSERT_INT_EQ(k1->type, KEY_ED25519);
/* XXX check key contents */
TEST_DONE();
TEST_START("parse Ed25519 from private w/ passphrase");
buf = load_file("ed25519_1_pw");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
(const char *)sshbuf_ptr(pw), "ed25519_1_pw", &k2, NULL), 0);
sshbuf_free(buf);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load Ed25519 from public");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
NULL), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
sshkey_free(k2);
TEST_DONE();
TEST_START("load Ed25519 cert");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0);
ASSERT_PTR_NE(k2, NULL);
ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT);
ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
TEST_DONE();
TEST_START("Ed25519 key hex fingerprint");
buf = load_text_file("ed25519_1.fp");
cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
TEST_START("Ed25519 cert hex fingerprint");
buf = load_text_file("ed25519_1-cert.fp");
cp = sshkey_fingerprint(k2, SSH_DIGEST_MD5, SSH_FP_HEX);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
sshkey_free(k2);
TEST_DONE();
TEST_START("Ed25519 key bubblebabble fingerprint");
buf = load_text_file("ed25519_1.fp.bb");
cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
ASSERT_PTR_NE(cp, NULL);
ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
sshbuf_free(buf);
free(cp);
TEST_DONE();
sshkey_free(k1);
sshbuf_free(pw);
}
void
sshkey_tests(void)
{
struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf;
#ifdef OPENSSL_HAS_ECC
struct sshkey *ke;
#endif
struct sshbuf *b;
TEST_START("new invalid");
k1 = sshkey_new(-42);
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
TEST_START("new/free KEY_UNSPEC");
k1 = sshkey_new(KEY_UNSPEC);
ASSERT_PTR_NE(k1, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new/free KEY_RSA1");
k1 = sshkey_new(KEY_RSA1);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->rsa, NULL);
ASSERT_PTR_NE(k1->rsa->n, NULL);
ASSERT_PTR_NE(k1->rsa->e, NULL);
ASSERT_PTR_EQ(k1->rsa->p, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new/free KEY_RSA");
k1 = sshkey_new(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->rsa, NULL);
ASSERT_PTR_NE(k1->rsa->n, NULL);
ASSERT_PTR_NE(k1->rsa->e, NULL);
ASSERT_PTR_EQ(k1->rsa->p, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new/free KEY_DSA");
k1 = sshkey_new(KEY_DSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL);
ASSERT_PTR_NE(k1->dsa->g, NULL);
ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
sshkey_free(k1);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("new/free KEY_ECDSA");
k1 = sshkey_new(KEY_ECDSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_EQ(k1->ecdsa, NULL); /* Can't allocate without NID */
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("new/free KEY_ED25519");
k1 = sshkey_new(KEY_ED25519);
ASSERT_PTR_NE(k1, NULL);
/* These should be blank until key loaded or generated */
ASSERT_PTR_EQ(k1->ed25519_sk, NULL);
ASSERT_PTR_EQ(k1->ed25519_pk, NULL);
sshkey_free(k1);
TEST_DONE();
TEST_START("new_private KEY_RSA");
k1 = sshkey_new_private(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->rsa, NULL);
ASSERT_PTR_NE(k1->rsa->n, NULL);
ASSERT_PTR_NE(k1->rsa->e, NULL);
ASSERT_PTR_NE(k1->rsa->p, NULL);
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
sshkey_free(k1);
TEST_DONE();
TEST_START("new_private KEY_DSA");
k1 = sshkey_new_private(KEY_DSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL);
ASSERT_PTR_NE(k1->dsa->g, NULL);
ASSERT_PTR_NE(k1->dsa->priv_key, NULL);
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
sshkey_free(k1);
TEST_DONE();
TEST_START("generate KEY_RSA too small modulus");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
TEST_START("generate KEY_RSA too large modulus");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1 << 20, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
TEST_START("generate KEY_DSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
sshkey_free(k1);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("generate KEY_ECDSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_PTR_EQ(k1, NULL);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("generate KEY_RSA");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 767, &kr),
SSH_ERR_INVALID_ARGUMENT);
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
ASSERT_PTR_NE(kr, NULL);
ASSERT_PTR_NE(kr->rsa, NULL);
ASSERT_PTR_NE(kr->rsa->n, NULL);
ASSERT_PTR_NE(kr->rsa->e, NULL);
ASSERT_PTR_NE(kr->rsa->p, NULL);
ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024);
TEST_DONE();
TEST_START("generate KEY_DSA");
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
ASSERT_PTR_NE(kd, NULL);
ASSERT_PTR_NE(kd->dsa, NULL);
ASSERT_PTR_NE(kd->dsa->g, NULL);
ASSERT_PTR_NE(kd->dsa->priv_key, NULL);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("generate KEY_ECDSA");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
ASSERT_PTR_NE(ke, NULL);
ASSERT_PTR_NE(ke->ecdsa, NULL);
ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);
ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL);
TEST_DONE();
#endif
TEST_START("generate KEY_ED25519");
ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0);
ASSERT_PTR_NE(kf, NULL);
ASSERT_INT_EQ(kf->type, KEY_ED25519);
ASSERT_PTR_NE(kf->ed25519_pk, NULL);
ASSERT_PTR_NE(kf->ed25519_sk, NULL);
TEST_DONE();
TEST_START("demote KEY_RSA");
ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(kr, k1);
ASSERT_INT_EQ(k1->type, KEY_RSA);
ASSERT_PTR_NE(k1->rsa, NULL);
ASSERT_PTR_NE(k1->rsa->n, NULL);
ASSERT_PTR_NE(k1->rsa->e, NULL);
ASSERT_PTR_EQ(k1->rsa->p, NULL);
TEST_DONE();
TEST_START("equal KEY_RSA/demoted KEY_RSA");
ASSERT_INT_EQ(sshkey_equal(kr, k1), 1);
sshkey_free(k1);
TEST_DONE();
TEST_START("demote KEY_DSA");
ASSERT_INT_EQ(sshkey_demote(kd, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(kd, k1);
ASSERT_INT_EQ(k1->type, KEY_DSA);
ASSERT_PTR_NE(k1->dsa, NULL);
ASSERT_PTR_NE(k1->dsa->g, NULL);
ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
TEST_DONE();
TEST_START("equal KEY_DSA/demoted KEY_DSA");
ASSERT_INT_EQ(sshkey_equal(kd, k1), 1);
sshkey_free(k1);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
TEST_START("demote KEY_ECDSA");
ASSERT_INT_EQ(sshkey_demote(ke, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(ke, k1);
ASSERT_INT_EQ(k1->type, KEY_ECDSA);
ASSERT_PTR_NE(k1->ecdsa, NULL);
ASSERT_INT_EQ(k1->ecdsa_nid, ke->ecdsa_nid);
ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);
ASSERT_PTR_EQ(EC_KEY_get0_private_key(k1->ecdsa), NULL);
TEST_DONE();
TEST_START("equal KEY_ECDSA/demoted KEY_ECDSA");
ASSERT_INT_EQ(sshkey_equal(ke, k1), 1);
sshkey_free(k1);
TEST_DONE();
#endif
TEST_START("demote KEY_ED25519");
ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(kf, k1);
ASSERT_INT_EQ(k1->type, KEY_ED25519);
ASSERT_PTR_NE(k1->ed25519_pk, NULL);
ASSERT_PTR_EQ(k1->ed25519_sk, NULL);
TEST_DONE();
TEST_START("equal KEY_ED25519/demoted KEY_ED25519");
ASSERT_INT_EQ(sshkey_equal(kf, k1), 1);
sshkey_free(k1);
TEST_DONE();
TEST_START("equal mismatched key types");
ASSERT_INT_EQ(sshkey_equal(kd, kr), 0);
#ifdef OPENSSL_HAS_ECC
ASSERT_INT_EQ(sshkey_equal(kd, ke), 0);
ASSERT_INT_EQ(sshkey_equal(kr, ke), 0);
ASSERT_INT_EQ(sshkey_equal(ke, kf), 0);
#endif
ASSERT_INT_EQ(sshkey_equal(kd, kf), 0);
TEST_DONE();
TEST_START("equal different keys");
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kr, k1), 0);
sshkey_free(k1);
ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kd, k1), 0);
sshkey_free(k1);
#ifdef OPENSSL_HAS_ECC
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(ke, k1), 0);
sshkey_free(k1);
#endif
ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &k1), 0);
ASSERT_INT_EQ(sshkey_equal(kf, k1), 0);
sshkey_free(k1);
TEST_DONE();
sshkey_free(kr);
sshkey_free(kd);
#ifdef OPENSSL_HAS_ECC
sshkey_free(ke);
#endif
sshkey_free(kf);
TEST_START("certify key");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"),
&k1, NULL), 0);
k2 = get_private("ed25519_2");
ASSERT_INT_EQ(sshkey_to_certified(k1), 0);
ASSERT_PTR_NE(k1->cert, NULL);
k1->cert->type = SSH2_CERT_TYPE_USER;
k1->cert->serial = 1234;
k1->cert->key_id = strdup("estragon");
ASSERT_PTR_NE(k1->cert->key_id, NULL);
k1->cert->principals = calloc(4, sizeof(*k1->cert->principals));
ASSERT_PTR_NE(k1->cert->principals, NULL);
k1->cert->principals[0] = strdup("estragon");
k1->cert->principals[1] = strdup("vladimir");
k1->cert->principals[2] = strdup("pozzo");
k1->cert->principals[3] = strdup("lucky");
ASSERT_PTR_NE(k1->cert->principals[0], NULL);
ASSERT_PTR_NE(k1->cert->principals[1], NULL);
ASSERT_PTR_NE(k1->cert->principals[2], NULL);
ASSERT_PTR_NE(k1->cert->principals[3], NULL);
k1->cert->valid_after = 0;
k1->cert->valid_before = (u_int64_t)-1;
k1->cert->critical = sshbuf_new();
ASSERT_PTR_NE(k1->cert->critical, NULL);
k1->cert->extensions = sshbuf_new();
ASSERT_PTR_NE(k1->cert->extensions, NULL);
put_opt(k1->cert->critical, "force-command", "/usr/bin/true");
put_opt(k1->cert->critical, "source-address", "127.0.0.1");
put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL);
put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL);
ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0);
ASSERT_INT_EQ(sshkey_certify(k1, k2), 0);
b = sshbuf_new();
ASSERT_PTR_NE(b, NULL);
ASSERT_INT_EQ(sshkey_putb(k1, b), 0);
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k3), 0);
sshkey_free(k1);
sshkey_free(k2);
sshkey_free(k3);
sshbuf_reset(b);
TEST_DONE();
TEST_START("sign and verify RSA");
k1 = get_private("rsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
NULL), 0);
signature_tests(k1, k2);
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
TEST_START("sign and verify DSA");
k1 = get_private("dsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2,
NULL), 0);
signature_tests(k1, k2);
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
#ifndef WIN32_FIXME
TEST_START("sign and verify ECDSA");
k1 = get_private("ecdsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2,
NULL), 0);
signature_tests(k1, k2);
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
#endif
#endif
TEST_START("sign and verify ED25519");
k1 = get_private("ed25519_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2,
NULL), 0);
signature_tests(k1, k2);
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
TEST_START("nested certificate");
ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
NULL), 0);
k3 = get_private("rsa_1");
build_cert(b, k2, "*****@*****.**", k3, k1);
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4),
SSH_ERR_KEY_CERT_INVALID_SIGN_KEY);
ASSERT_PTR_EQ(k4, NULL);
sshkey_free(k1);
sshkey_free(k2);
sshkey_free(k3);
sshbuf_free(b);
TEST_DONE();
}