[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] pki crypto: expose new ssh_pki_key_ecdsa_name API
[Thread Prev] | [Thread Next]
- Subject: [PATCH] pki crypto: expose new ssh_pki_key_ecdsa_name API
- From: Jon Simons <jon@xxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Fri, 04 Apr 2014 15:52:43 -0700
- To: libssh@xxxxxxxxxx
Hi, Attached is an updated and adjusted patch to expose a getter for the "ecdsa-sha2-nistpNNN" names of ECDSA keys. I've added documentation and a few test passes to the torture_pki unit test. This patch replaces an older one originally sent out here: http://www.libssh.org/archive/libssh/2014-03/0000066.html Thanks, -Jon
From 9a3998d5d158669e795fb73db2ce45a27cb95450 Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@xxxxxxxxxxxxx>
Date: Fri, 4 Apr 2014 15:37:43 -0700
Subject: [PATCH] pki crypto: expose new ssh_pki_key_ecdsa_name API
Enable retrieving the "ecdsa-sha2-nistpNNN" name of ECDSA keys with a
new 'ssh_pki_key_ecdsa_name' API. This gives more information than the
'ssh_key_type_to_char' API, which yields "ssh-ecdsa" for ECDSA keys.
The motivation is that this info is useful to have in a server context.
The torture_pki unit test is updated to include the new API, and a few
more passes are added to additionally test 384 and 521-bit keys.
Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
include/libssh/libssh.h | 2 +
src/pki_crypto.c | 14 ++++
tests/unittests/torture_pki.c | 152 +++++++++++++++++++++++++++++++++++++++---
3 files changed, 158 insertions(+), 10 deletions(-)
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 9cd03ce..b59090d 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -534,6 +534,8 @@ LIBSSH_API int ssh_pki_export_pubkey_base64(const ssh_key key,
LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,
const char *filename);
+LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);
+
LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
LIBSSH_API int ssh_send_debug (ssh_session session, const char *message, int always_display);
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 1a9aa3e..0ef4d51 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -105,6 +105,20 @@ static const char *pki_key_ecdsa_nid_to_name(int nid)
return "unknown";
}
+/**
+ * @brief returns the ECDSA key name ("ecdsa-sha2-nistp256" for example)
+ *
+ * @param[in] key the ssh_key whose ECDSA name to get
+ *
+ * @returns the ECDSA key name ("ecdsa-sha2-nistp256" for example)
+ *
+ * @returns "unknown" if the ECDSA key name is not known
+ */
+const char *ssh_pki_key_ecdsa_name(const ssh_key key)
+{
+ return pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
+}
+
static const char *pki_key_ecdsa_nid_to_char(int nid)
{
switch (nid) {
diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c
index 9cc3959..7eab95d 100644
--- a/tests/unittests/torture_pki.c
+++ b/tests/unittests/torture_pki.c
@@ -36,17 +36,36 @@ static void setup_dsa_key(void **state) {
}
#ifdef HAVE_OPENSSL_ECC
-static void setup_ecdsa_key(void **state) {
- int rc;
+static void setup_ecdsa_key(void **state, int ecdsa_bits) {
+ int rc = -1;
(void) state; /* unused */
unlink(LIBSSH_ECDSA_TESTKEY);
unlink(LIBSSH_ECDSA_TESTKEY ".pub");
- rc = system("ssh-keygen -t ecdsa -q -N \"\" -f " LIBSSH_ECDSA_TESTKEY);
+ if (ecdsa_bits == 256) {
+ rc = system("ssh-keygen -t ecdsa -b 256 -q -N \"\" -f " LIBSSH_ECDSA_TESTKEY);
+ } else if (ecdsa_bits == 384) {
+ rc = system("ssh-keygen -t ecdsa -b 384 -q -N \"\" -f " LIBSSH_ECDSA_TESTKEY);
+ } else if (ecdsa_bits == 521) {
+ rc = system("ssh-keygen -t ecdsa -b 521 -q -N \"\" -f " LIBSSH_ECDSA_TESTKEY);
+ }
+
assert_true(rc == 0);
}
+
+static void setup_ecdsa_key_521(void **state) {
+ setup_ecdsa_key(state, 521);
+}
+
+static void setup_ecdsa_key_384(void **state) {
+ setup_ecdsa_key(state, 384);
+}
+
+static void setup_ecdsa_key_256(void **state) {
+ setup_ecdsa_key(state, 256);
+}
#endif
static void setup_both_keys(void **state) {
@@ -939,6 +958,9 @@ static void torture_pki_generate_key_ecdsa(void **state)
int rc;
ssh_key key;
ssh_signature sign;
+ enum ssh_keytypes_e type = SSH_KEYTYPE_UNKNOWN;
+ const char *type_char = NULL;
+ const char *etype_char = NULL;
ssh_session session=ssh_new();
(void) state;
@@ -949,6 +971,13 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_true(sign != NULL);
rc = pki_signature_verify(session,sign,key,HASH,20);
assert_true(rc == SSH_OK);
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_ECDSA);
+ type_char = ssh_key_type_to_char(type);
+ assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
+ etype_char = ssh_pki_key_ecdsa_name(key);
+ assert_true(strcmp(etype_char, "ecdsa-sha2-nistp256") == 0);
+
ssh_signature_free(sign);
ssh_key_free(key);
key=NULL;
@@ -960,6 +989,13 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_true(sign != NULL);
rc = pki_signature_verify(session,sign,key,HASH,20);
assert_true(rc == SSH_OK);
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_ECDSA);
+ type_char = ssh_key_type_to_char(type);
+ assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
+ etype_char =ssh_pki_key_ecdsa_name(key);
+ assert_true(strcmp(etype_char, "ecdsa-sha2-nistp384") == 0);
+
ssh_signature_free(sign);
ssh_key_free(key);
key=NULL;
@@ -971,6 +1007,13 @@ static void torture_pki_generate_key_ecdsa(void **state)
assert_true(sign != NULL);
rc = pki_signature_verify(session,sign,key,HASH,20);
assert_true(rc == SSH_OK);
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_ECDSA);
+ type_char = ssh_key_type_to_char(type);
+ assert_true(strcmp(type_char, "ssh-ecdsa") == 0);
+ etype_char =ssh_pki_key_ecdsa_name(key);
+ assert_true(strcmp(etype_char, "ecdsa-sha2-nistp521") == 0);
+
ssh_signature_free(sign);
ssh_key_free(key);
key=NULL;
@@ -1103,6 +1146,42 @@ static void torture_pki_write_privkey_ecdsa(void **state)
#endif
#endif /* HAVE_LIBCRYPTO */
+#ifdef HAVE_ECC
+static void torture_pki_ecdsa_name(void **state, const char *expected_name)
+{
+ int rc;
+ ssh_key key;
+ const char *etype_char = NULL;
+
+ (void) state; /* unused */
+
+ ssh_set_log_level(5);
+
+ rc = ssh_pki_import_privkey_file(LIBSSH_ECDSA_TESTKEY, NULL, NULL, NULL, &key);
+ assert_true(rc == 0);
+
+ etype_char =ssh_pki_key_ecdsa_name(key);
+ assert_true(strcmp(etype_char, expected_name) == 0);
+
+ ssh_key_free(key);
+}
+
+static void torture_pki_ecdsa_name256(void **state)
+{
+ torture_pki_ecdsa_name(state, "ecdsa-sha2-nistp256");
+}
+
+static void torture_pki_ecdsa_name384(void **state)
+{
+ torture_pki_ecdsa_name(state, "ecdsa-sha2-nistp384");
+}
+
+static void torture_pki_ecdsa_name521(void **state)
+{
+ torture_pki_ecdsa_name(state, "ecdsa-sha2-nistp521");
+}
+#endif
+
int torture_run_tests(void) {
int rc;
const UnitTest tests[] = {
@@ -1125,7 +1204,13 @@ int torture_run_tests(void) {
teardown),
#ifdef HAVE_ECC
unit_test_setup_teardown(torture_pki_import_privkey_base64_ECDSA,
- setup_ecdsa_key,
+ setup_ecdsa_key_256,
+ teardown),
+ unit_test_setup_teardown(torture_pki_import_privkey_base64_ECDSA,
+ setup_ecdsa_key_384,
+ teardown),
+ unit_test_setup_teardown(torture_pki_import_privkey_base64_ECDSA,
+ setup_ecdsa_key_521,
teardown),
#endif
unit_test_setup_teardown(torture_pki_import_privkey_base64_passphrase,
@@ -1140,10 +1225,22 @@ int torture_run_tests(void) {
teardown),
#ifdef HAVE_ECC
unit_test_setup_teardown(torture_pki_publickey_from_privatekey_ECDSA,
- setup_ecdsa_key,
+ setup_ecdsa_key_256,
+ teardown),
+ unit_test_setup_teardown(torture_pki_publickey_from_privatekey_ECDSA,
+ setup_ecdsa_key_384,
+ teardown),
+ unit_test_setup_teardown(torture_pki_publickey_from_privatekey_ECDSA,
+ setup_ecdsa_key_521,
teardown),
unit_test_setup_teardown(torture_pki_ecdsa_duplicate_then_demote,
- setup_ecdsa_key,
+ setup_ecdsa_key_256,
+ teardown),
+ unit_test_setup_teardown(torture_pki_ecdsa_duplicate_then_demote,
+ setup_ecdsa_key_384,
+ teardown),
+ unit_test_setup_teardown(torture_pki_ecdsa_duplicate_then_demote,
+ setup_ecdsa_key_521,
teardown),
#endif
/* public key */
@@ -1155,7 +1252,13 @@ int torture_run_tests(void) {
teardown),
#ifdef HAVE_ECC
unit_test_setup_teardown(torture_pki_publickey_ecdsa_base64,
- setup_ecdsa_key,
+ setup_ecdsa_key_256,
+ teardown),
+ unit_test_setup_teardown(torture_pki_publickey_ecdsa_base64,
+ setup_ecdsa_key_384,
+ teardown),
+ unit_test_setup_teardown(torture_pki_publickey_ecdsa_base64,
+ setup_ecdsa_key_521,
teardown),
#endif
@@ -1167,7 +1270,13 @@ int torture_run_tests(void) {
teardown),
#ifdef HAVE_ECC
unit_test_setup_teardown(torture_generate_pubkey_from_privkey_ecdsa,
- setup_ecdsa_key,
+ setup_ecdsa_key_256,
+ teardown),
+ unit_test_setup_teardown(torture_generate_pubkey_from_privkey_ecdsa,
+ setup_ecdsa_key_384,
+ teardown),
+ unit_test_setup_teardown(torture_generate_pubkey_from_privkey_ecdsa,
+ setup_ecdsa_key_521,
teardown),
#endif
@@ -1179,7 +1288,13 @@ int torture_run_tests(void) {
teardown),
#ifdef HAVE_ECC
unit_test_setup_teardown(torture_pki_duplicate_key_ecdsa,
- setup_ecdsa_key,
+ setup_ecdsa_key_256,
+ teardown),
+ unit_test_setup_teardown(torture_pki_duplicate_key_ecdsa,
+ setup_ecdsa_key_384,
+ teardown),
+ unit_test_setup_teardown(torture_pki_duplicate_key_ecdsa,
+ setup_ecdsa_key_521,
teardown),
#endif
unit_test(torture_pki_generate_key_rsa),
@@ -1197,10 +1312,27 @@ int torture_run_tests(void) {
teardown),
#ifdef HAVE_ECC
unit_test_setup_teardown(torture_pki_write_privkey_ecdsa,
- setup_ecdsa_key,
+ setup_ecdsa_key_256,
+ teardown),
+ unit_test_setup_teardown(torture_pki_write_privkey_ecdsa,
+ setup_ecdsa_key_384,
+ teardown),
+ unit_test_setup_teardown(torture_pki_write_privkey_ecdsa,
+ setup_ecdsa_key_521,
teardown),
#endif
#endif /* HAVE_LIBCRYPTO */
+#ifdef HAVE_ECC
+ unit_test_setup_teardown(torture_pki_ecdsa_name256,
+ setup_ecdsa_key_256,
+ teardown),
+ unit_test_setup_teardown(torture_pki_ecdsa_name384,
+ setup_ecdsa_key_384,
+ teardown),
+ unit_test_setup_teardown(torture_pki_ecdsa_name521,
+ setup_ecdsa_key_521,
+ teardown),
+#endif
};
(void)setup_both_keys;
--
1.8.4.21.g992c386
Archive administrator: postmaster@lists.cynapses.org