authordjm <djm@openbsd.org>2015-12-07 02:20:46 +0000
committerdjm <djm@openbsd.org>2015-12-07 02:20:46 +0000
commit3382e0804030f878d5a73758457b7e06c0506b3c (patch)
tree799a502acd38876d37cde70f045fed99824a4eac /regress/usr.bin/ssh/unittests/sshkey
parentNFS can pass a buffer cache buffer straight to VOP_STRATEGY here, so dma_flip is (diff)
basic unit tests for rsa-sha2-* signature types
Diffstat (limited to 'regress/usr.bin/ssh/unittests/sshkey')
-rw-r--r--regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c30
-rw-r--r--regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c44
2 files changed, 55 insertions, 19 deletions
diff --git a/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c b/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
index 74920374d57..c86b7cc9935 100644
--- a/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
+++ b/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_fuzz.c,v 1.5 2015/10/06 01:20:59 djm Exp $ */
+/* $OpenBSD: test_fuzz.c,v 1.6 2015/12/07 02:20:46 djm Exp $ */
/*
* Fuzz tests for key parsing
*
@@ -66,13 +66,13 @@ public_fuzz(struct sshkey *k)
}
static void
-sig_fuzz(struct sshkey *k)
+sig_fuzz(struct sshkey *k, const char *sig_alg)
{
struct fuzz *fuzz;
u_char *sig, c[] = "some junk to be signed";
size_t l;
- ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), 0), 0);
+ ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0);
ASSERT_SIZE_T_GT(l, 0);
fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */
FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
@@ -342,7 +342,23 @@ sshkey_fuzz_tests(void)
buf = load_file("rsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
- sig_fuzz(k1);
+ sig_fuzz(k1, "ssh-rsa");
+ sshkey_free(k1);
+ TEST_DONE();
+
+ TEST_START("fuzz RSA SHA256 sig");
+ buf = load_file("rsa_1");
+ ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
+ sshbuf_free(buf);
+ sig_fuzz(k1, "rsa-sha2-256");
+ sshkey_free(k1);
+ TEST_DONE();
+
+ TEST_START("fuzz RSA SHA512 sig");
+ buf = load_file("rsa_1");
+ ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
+ sshbuf_free(buf);
+ sig_fuzz(k1, "rsa-sha2-512");
sshkey_free(k1);
TEST_DONE();
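Review bot: Every RSA fuzz case in `sshkey_fuzz_tests()` now names its algorithm explicitly, so signing an RSA key with `sig_alg == NULL` is no longer covered by the fuzz tests. test_sshkey.c still signs with an RSA key and `NULL` in `build_cert()`, so that call is evidently valid. Consider keeping one RSA case that calls `sig_fuzz(k1, NULL);`. A comment at the first `NULL` call in the later hunks would also help, for example `/* NULL: presumably the key type's default signature algorithm */`, since the meaning of `NULL` is not stated anywhere in the visible lines. The enclosing function starts and ends outside this hunk.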
@@ -350,7 +366,7 @@ sshkey_fuzz_tests(void)
buf = load_file("dsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
- sig_fuzz(k1);
+ sig_fuzz(k1, NULL);
sshkey_free(k1);
TEST_DONE();
@@ -358,7 +374,7 @@ sshkey_fuzz_tests(void)
buf = load_file("ecdsa_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
- sig_fuzz(k1);
+ sig_fuzz(k1, NULL);
sshkey_free(k1);
TEST_DONE();
@@ -366,7 +382,7 @@ sshkey_fuzz_tests(void)
buf = load_file("ed25519_1");
ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
sshbuf_free(buf);
- sig_fuzz(k1);
+ sig_fuzz(k1, NULL);
sshkey_free(k1);
TEST_DONE();
diff --git a/regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c b/regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
index ecb9139868c..aa539452224 100644
--- a/regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
+++ b/regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: test_sshkey.c,v 1.8 2015/10/06 01:20:59 djm Exp $ */
+/* $OpenBSD: test_sshkey.c,v 1.9 2015/12/07 02:20:46 djm Exp $ */
/*
* Regress test for sshkey.h key management API
*
@@ -46,7 +46,8 @@ put_opt(struct sshbuf *b, const char *name, const char *value)
static void
build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
- const struct sshkey *sign_key, const struct sshkey *ca_key)
+ const struct sshkey *sign_key, const struct sshkey *ca_key,
+ const char *sig_alg)
{
struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts;
u_char *sigblob;
@@ -93,7 +94,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */
ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */
ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen,
- sshbuf_ptr(b), sshbuf_len(b), 0), 0);
+ sshbuf_ptr(b), sshbuf_len(b), sig_alg, 0), 0);
ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */
free(sigblob);
@@ -105,12 +106,13 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
}
static void
-signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l)
+signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg,
+ const u_char *d, size_t l)
{
size_t len;
u_char *sig;
- ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, 0), 0);
+ ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0);
ASSERT_SIZE_T_GT(len, 8);
ASSERT_PTR_NE(sig, NULL);
ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0);
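Review bot: Nothing in `signature_test()` checks that the signature returned by `sshkey_sign()` actually uses the requested `sig_alg`; the only check on the result is `sshkey_verify(k, sig, len, d, l, 0)`, which takes no algorithm argument. If signing fell back to the key's default algorithm, the RSA-SHA256 and RSA-SHA512 cases would presumably still pass, so a silent hash downgrade would go unnoticed. Assuming the blob begins with the signature format name encoded as an SSH string, the test could read that name back and compare it with `sig_alg` whenever one is given, as sketched below. The body of `signature_test()` continues past the end of this hunk.

```c
	ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0);
	/* … unchanged: length, pointer and sshkey_verify assertions … */
	if (sig_alg != NULL) {
		struct sshbuf *sb;
		char *sigtype = NULL;

		/* The signature should be labelled with the algorithm we asked for. */
		sb = sshbuf_from(sig, len);
		ASSERT_PTR_NE(sb, NULL);
		ASSERT_INT_EQ(sshbuf_get_cstring(sb, &sigtype, NULL), 0);
		ASSERT_STRING_EQ(sigtype, sig_alg);
		free(sigtype);
		sshbuf_free(sb);
	}
```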
@@ -137,7 +139,7 @@ banana(u_char *s, size_t l)
}
static void
-signature_tests(struct sshkey *k, struct sshkey *bad)
+signature_tests(struct sshkey *k, struct sshkey *bad, const char *sig_alg)
{
u_char i, buf[2049];
size_t lens[] = {
@@ -149,7 +151,7 @@ signature_tests(struct sshkey *k, struct sshkey *bad)
test_subtest_info("%s key, banana length %zu",
sshkey_type(k), lens[i]);
banana(buf, lens[i]);
- signature_test(k, bad, buf, lens[i]);
+ signature_test(k, bad, sig_alg, buf, lens[i]);
}
}
@@ -446,7 +448,25 @@ sshkey_tests(void)
k1 = get_private("rsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
NULL), 0);
- signature_tests(k1, k2);
+ signature_tests(k1, k2, "ssh-rsa");
+ sshkey_free(k1);
+ sshkey_free(k2);
+ TEST_DONE();
+
+ TEST_START("sign and verify RSA-SHA256");
+ k1 = get_private("rsa_1");
+ ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
+ NULL), 0);
+ signature_tests(k1, k2, "rsa-sha2-256");
+ sshkey_free(k1);
+ sshkey_free(k2);
+ TEST_DONE();
+
+ TEST_START("sign and verify RSA-SHA512");
+ k1 = get_private("rsa_1");
+ ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
+ NULL), 0);
+ signature_tests(k1, k2, "rsa-sha2-512");
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
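Review bot: The added RSA-SHA256 and RSA-SHA512 cases in `sshkey_tests()` cover only successful signing; no case passes an unrecognised algorithm name and expects `sshkey_sign()` to fail. A short negative case next to these blocks would close that gap: sign with the RSA key and a name that is not an RSA signature type, and assert a non-zero return. That pins down that a bad name is rejected rather than silently replaced by a default. The expected result for a non-RSA key given an RSA algorithm name is not visible in this diff and should be confirmed before asserting on it. The enclosing function starts and ends outside this hunk.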
@@ -455,7 +475,7 @@ sshkey_tests(void)
k1 = get_private("dsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2,
NULL), 0);
- signature_tests(k1, k2);
+ signature_tests(k1, k2, NULL);
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
@@ -464,7 +484,7 @@ sshkey_tests(void)
k1 = get_private("ecdsa_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2,
NULL), 0);
- signature_tests(k1, k2);
+ signature_tests(k1, k2, NULL);
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
@@ -473,7 +493,7 @@ sshkey_tests(void)
k1 = get_private("ed25519_1");
ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2,
NULL), 0);
- signature_tests(k1, k2);
+ signature_tests(k1, k2, NULL);
sshkey_free(k1);
sshkey_free(k2);
TEST_DONE();
@@ -483,7 +503,7 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
NULL), 0);
k3 = get_private("rsa_1");
- build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1);
+ build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL);
ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4),
SSH_ERR_KEY_CERT_INVALID_SIGN_KEY);
ASSERT_PTR_EQ(k4, NULL);