1 /* $OpenBSD: test_sshkey.c,v 1.33 2026/03/06 06:57:33 dtucker Exp $ */
2 /*
3 * Regress test for sshkey.h key management API
4 *
5 * Placed in the public domain
6 */
7
8 #include "includes.h"
9
10 #include <sys/types.h>
11 #include <paths.h>
12 #include <stdio.h>
13 #include <stdint.h>
14 #include <stdlib.h>
15 #include <string.h>
16
17 #ifdef WITH_OPENSSL
18 #include <openssl/bn.h>
19 #include <openssl/rsa.h>
20 #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
21 # include <openssl/ec.h>
22 #endif
23 #endif
24
25 #include "../test_helper/test_helper.h"
26
27 #include "ssherr.h"
28 #include "sshbuf.h"
29 #define SSHBUF_INTERNAL 1 /* access internals for testing */
30 #include "sshkey.h"
31
32 #include "authfile.h"
33 #include "common.h"
34 #include "ssh2.h"
35
36 void sshkey_tests(void);
37 void sshkey_benchmarks(void);
38
39 static void
put_opt(struct sshbuf * b,const char * name,const char * value)40 put_opt(struct sshbuf *b, const char *name, const char *value)
41 {
42 struct sshbuf *sect;
43
44 sect = sshbuf_new();
45 ASSERT_PTR_NE(sect, NULL);
46 ASSERT_INT_EQ(sshbuf_put_cstring(b, name), 0);
47 if (value != NULL)
48 ASSERT_INT_EQ(sshbuf_put_cstring(sect, value), 0);
49 ASSERT_INT_EQ(sshbuf_put_stringb(b, sect), 0);
50 sshbuf_free(sect);
51 }
52
53 #ifdef WITH_OPENSSL
54 static void
build_cert(struct sshbuf * b,struct sshkey * k,const char * type,struct sshkey * sign_key,struct sshkey * ca_key,const char * sig_alg)55 build_cert(struct sshbuf *b, struct sshkey *k, const char *type,
56 struct sshkey *sign_key, struct sshkey *ca_key,
57 const char *sig_alg)
58 {
59 struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts;
60 u_char *sigblob;
61 size_t siglen;
62
63 ca_buf = sshbuf_new();
64 ASSERT_PTR_NE(ca_buf, NULL);
65 ASSERT_INT_EQ(sshkey_putb(ca_key, ca_buf), 0);
66
67 /*
68 * Get the public key serialisation by rendering the key and skipping
69 * the type string. This is a bit of a hack :/
70 */
71 pk = sshbuf_new();
72 ASSERT_PTR_NE(pk, NULL);
73 ASSERT_INT_EQ(sshkey_putb_plain(k, pk), 0);
74 ASSERT_INT_EQ(sshbuf_skip_string(pk), 0);
75
76 principals = sshbuf_new();
77 ASSERT_PTR_NE(principals, NULL);
78 ASSERT_INT_EQ(sshbuf_put_cstring(principals, "gsamsa"), 0);
79 ASSERT_INT_EQ(sshbuf_put_cstring(principals, "gregor"), 0);
80
81 critopts = sshbuf_new();
82 ASSERT_PTR_NE(critopts, NULL);
83 put_opt(critopts, "force-command", _PATH_LOCALBASE "/bin/nethack");
84 put_opt(critopts, "source-address", "192.168.0.0/24,127.0.0.1,::1");
85
86 exts = sshbuf_new();
87 ASSERT_PTR_NE(exts, NULL);
88 put_opt(critopts, "permit-X11-forwarding", NULL);
89
90 ASSERT_INT_EQ(sshbuf_put_cstring(b, type), 0);
91 ASSERT_INT_EQ(sshbuf_put_cstring(b, "noncenoncenonce!"), 0); /* nonce */
92 ASSERT_INT_EQ(sshbuf_putb(b, pk), 0); /* public key serialisation */
93 ASSERT_INT_EQ(sshbuf_put_u64(b, 1234), 0); /* serial */
94 ASSERT_INT_EQ(sshbuf_put_u32(b, SSH2_CERT_TYPE_USER), 0); /* type */
95 ASSERT_INT_EQ(sshbuf_put_cstring(b, "gregor"), 0); /* key ID */
96 ASSERT_INT_EQ(sshbuf_put_stringb(b, principals), 0); /* principals */
97 ASSERT_INT_EQ(sshbuf_put_u64(b, 0), 0); /* start */
98 ASSERT_INT_EQ(sshbuf_put_u64(b, 0xffffffffffffffffULL), 0); /* end */
99 ASSERT_INT_EQ(sshbuf_put_stringb(b, critopts), 0); /* options */
100 ASSERT_INT_EQ(sshbuf_put_stringb(b, exts), 0); /* extensions */
101 ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */
102 ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */
103 ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen,
104 sshbuf_ptr(b), sshbuf_len(b), sig_alg, NULL, NULL, 0), 0);
105 ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */
106
107 free(sigblob);
108 sshbuf_free(ca_buf);
109 sshbuf_free(exts);
110 sshbuf_free(critopts);
111 sshbuf_free(principals);
112 sshbuf_free(pk);
113 }
114 #endif /* WITH_OPENSSL */
115
116 static void
signature_test(struct sshkey * k,struct sshkey * bad,const char * sig_alg,const u_char * d,size_t l)117 signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg,
118 const u_char *d, size_t l)
119 {
120 size_t len;
121 u_char *sig;
122
123 ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg,
124 NULL, NULL, 0), 0);
125 ASSERT_SIZE_T_GT(len, 8);
126 ASSERT_PTR_NE(sig, NULL);
127 ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
128 ASSERT_INT_NE(sshkey_verify(bad, sig, len, d, l, NULL, 0, NULL), 0);
129 /* Fuzz test is more comprehensive, this is just a smoke test */
130 sig[len - 5] ^= 0x10;
131 ASSERT_INT_NE(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
132 free(sig);
133 }
134
135 static void
signature_bench(const char * name,int ktype,int bits,const char * sig_alg,const u_char * d,size_t l)136 signature_bench(const char *name, int ktype, int bits, const char *sig_alg,
137 const u_char *d, size_t l)
138 {
139 struct sshkey *k;
140 size_t len;
141 u_char *sig;
142 char testname[256];
143
144 snprintf(testname, sizeof(testname), "sign %s", name);
145 TEST_START(testname);
146 ASSERT_INT_EQ(sshkey_generate(ktype, bits, &k), 0);
147 ASSERT_PTR_NE(k, NULL);
148
149 BENCH_START(testname);
150 ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg,
151 NULL, NULL, 0), 0);
152 free(sig);
153 BENCH_FINISH("sign");
154
155 sshkey_free(k);
156 TEST_DONE();
157 }
158
159 static void
verify_bench(const char * name,int ktype,int bits,const char * sig_alg,const u_char * d,size_t l)160 verify_bench(const char *name, int ktype, int bits, const char *sig_alg,
161 const u_char *d, size_t l)
162 {
163 struct sshkey *k;
164 size_t len;
165 u_char *sig;
166 char testname[256];
167
168 snprintf(testname, sizeof(testname), "verify %s", name);
169 TEST_START(testname);
170 ASSERT_INT_EQ(sshkey_generate(ktype, bits, &k), 0);
171 ASSERT_PTR_NE(k, NULL);
172
173 ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg,
174 NULL, NULL, 0), 0);
175 BENCH_START(testname);
176 ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
177 BENCH_FINISH("verify");
178
179 free(sig);
180 sshkey_free(k);
181 TEST_DONE();
182 }
183
184 static void
banana(u_char * s,size_t l)185 banana(u_char *s, size_t l)
186 {
187 size_t o;
188 const u_char the_banana[] = { 'b', 'a', 'n', 'a', 'n', 'a' };
189
190 for (o = 0; o < l; o += sizeof(the_banana)) {
191 if (l - o < sizeof(the_banana)) {
192 memcpy(s + o, "nanananana", l - o);
193 break;
194 }
195 memcpy(s + o, the_banana, sizeof(the_banana));
196 }
197 }
198
199 static void
signature_tests(struct sshkey * k,struct sshkey * bad,const char * sig_alg)200 signature_tests(struct sshkey *k, struct sshkey *bad, const char *sig_alg)
201 {
202 u_char i, buf[2049];
203 size_t lens[] = {
204 1, 2, 7, 8, 9, 15, 16, 17, 31, 32, 33, 127, 128, 129,
205 255, 256, 257, 1023, 1024, 1025, 2047, 2048, 2049
206 };
207
208 for (i = 0; i < (sizeof(lens)/sizeof(lens[0])); i++) {
209 test_subtest_info("%s key, banana length %zu",
210 sshkey_type(k), lens[i]);
211 banana(buf, lens[i]);
212 signature_test(k, bad, sig_alg, buf, lens[i]);
213 }
214 }
215
216 static void
signature_benchmark(const char * name,int ktype,int bits,const char * sig_alg,int bench_verify)217 signature_benchmark(const char *name, int ktype, int bits,
218 const char *sig_alg, int bench_verify)
219 {
220 u_char buf[256];
221
222 banana(buf, sizeof(buf));
223 if (bench_verify)
224 verify_bench(name, ktype, bits, sig_alg, buf, sizeof(buf));
225 else
226 signature_bench(name, ktype, bits, sig_alg, buf, sizeof(buf));
227 }
228
229 static struct sshkey *
get_private(const char * n)230 get_private(const char *n)
231 {
232 struct sshbuf *b;
233 struct sshkey *ret;
234
235 b = load_file(n);
236 ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", &ret, NULL), 0);
237 sshbuf_free(b);
238 return ret;
239 }
240
241 void
sshkey_tests(void)242 sshkey_tests(void)
243 {
244 struct sshkey *k1 = NULL, *k2 = NULL, *k3 = NULL, *kf = NULL;
245 #ifdef WITH_OPENSSL
246 struct sshkey *k4 = NULL, *kr = NULL, *kd = NULL;
247 #ifdef OPENSSL_HAS_ECC
248 struct sshkey *ke = NULL;
249 #endif /* OPENSSL_HAS_ECC */
250 #endif /* WITH_OPENSSL */
251 struct sshbuf *b = NULL;
252
253 TEST_START("new invalid");
254 k1 = sshkey_new(-42);
255 ASSERT_PTR_EQ(k1, NULL);
256 TEST_DONE();
257
258 TEST_START("new/free KEY_UNSPEC");
259 k1 = sshkey_new(KEY_UNSPEC);
260 ASSERT_PTR_NE(k1, NULL);
261 sshkey_free(k1);
262 k1 = NULL;
263 TEST_DONE();
264
265 #ifdef WITH_OPENSSL
266 TEST_START("new/free KEY_RSA");
267 k1 = sshkey_new(KEY_RSA);
268 ASSERT_PTR_NE(k1, NULL);
269 ASSERT_PTR_NE(k1->pkey, NULL);
270 sshkey_free(k1);
271 k1 = NULL;
272 TEST_DONE();
273
274
275 #ifdef OPENSSL_HAS_ECC
276 TEST_START("new/free KEY_ECDSA");
277 k1 = sshkey_new(KEY_ECDSA);
278 ASSERT_PTR_NE(k1, NULL);
279 ASSERT_PTR_EQ(k1->pkey, NULL); /* Can't allocate without NID */
280 sshkey_free(k1);
281 k1 = NULL;
282 TEST_DONE();
283 #endif
284
285 TEST_START("new/free KEY_ED25519");
286 k1 = sshkey_new(KEY_ED25519);
287 ASSERT_PTR_NE(k1, NULL);
288 /* These should be blank until key loaded or generated */
289 ASSERT_PTR_EQ(k1->ed25519_sk, NULL);
290 ASSERT_PTR_EQ(k1->ed25519_pk, NULL);
291 sshkey_free(k1);
292 k1 = NULL;
293 TEST_DONE();
294
295 TEST_START("generate KEY_RSA too small modulus");
296 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1),
297 SSH_ERR_KEY_LENGTH);
298 ASSERT_PTR_EQ(k1, NULL);
299 TEST_DONE();
300
301 TEST_START("generate KEY_RSA too large modulus");
302 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1 << 20, &k1),
303 SSH_ERR_KEY_LENGTH);
304 ASSERT_PTR_EQ(k1, NULL);
305 TEST_DONE();
306
307
308 #ifdef OPENSSL_HAS_ECC
309 TEST_START("generate KEY_ECDSA wrong bits");
310 ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
311 SSH_ERR_KEY_LENGTH);
312 ASSERT_PTR_EQ(k1, NULL);
313 sshkey_free(k1);
314 k1 = NULL;
315 TEST_DONE();
316 #endif
317
318 TEST_START("generate KEY_RSA");
319 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 767, &kr),
320 SSH_ERR_KEY_LENGTH);
321 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
322 ASSERT_PTR_NE(kr, NULL);
323 ASSERT_PTR_NE(EVP_PKEY_get0_RSA(kr->pkey), NULL);
324 ASSERT_PTR_NE(rsa_n(kr), NULL);
325 ASSERT_PTR_NE(rsa_e(kr), NULL);
326 ASSERT_PTR_NE(rsa_p(kr), NULL);
327 ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024);
328 TEST_DONE();
329
330
331 #ifdef OPENSSL_HAS_ECC
332 TEST_START("generate KEY_ECDSA");
333 ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
334 ASSERT_PTR_NE(ke, NULL);
335 ASSERT_PTR_NE(EVP_PKEY_get0_EC_KEY(ke->pkey), NULL);
336 ASSERT_PTR_NE(EC_KEY_get0_public_key(EVP_PKEY_get0_EC_KEY(ke->pkey)),
337 NULL);
338 ASSERT_PTR_NE(EC_KEY_get0_private_key(EVP_PKEY_get0_EC_KEY(ke->pkey)),
339 NULL);
340 TEST_DONE();
341 #endif /* OPENSSL_HAS_ECC */
342 #endif /* WITH_OPENSSL */
343
344 TEST_START("generate KEY_ED25519");
345 ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0);
346 ASSERT_PTR_NE(kf, NULL);
347 ASSERT_INT_EQ(kf->type, KEY_ED25519);
348 ASSERT_PTR_NE(kf->ed25519_pk, NULL);
349 ASSERT_PTR_NE(kf->ed25519_sk, NULL);
350 TEST_DONE();
351
352 #ifdef WITH_OPENSSL
353 TEST_START("demote KEY_RSA");
354 ASSERT_INT_EQ(sshkey_from_private(kr, &k1), 0);
355 ASSERT_PTR_NE(k1, NULL);
356 ASSERT_PTR_NE(kr, k1);
357 ASSERT_INT_EQ(k1->type, KEY_RSA);
358 ASSERT_PTR_NE(EVP_PKEY_get0_RSA(k1->pkey), NULL);
359 ASSERT_PTR_NE(rsa_n(k1), NULL);
360 ASSERT_PTR_NE(rsa_e(k1), NULL);
361 ASSERT_PTR_EQ(rsa_p(k1), NULL);
362 TEST_DONE();
363
364 TEST_START("equal KEY_RSA/demoted KEY_RSA");
365 ASSERT_INT_EQ(sshkey_equal(kr, k1), 1);
366 sshkey_free(k1);
367 k1 = NULL;
368 TEST_DONE();
369
370
371 #ifdef OPENSSL_HAS_ECC
372 TEST_START("demote KEY_ECDSA");
373 ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0);
374 ASSERT_PTR_NE(k1, NULL);
375 ASSERT_PTR_NE(ke, k1);
376 ASSERT_INT_EQ(k1->type, KEY_ECDSA);
377 ASSERT_PTR_NE(EVP_PKEY_get0_EC_KEY(k1->pkey), NULL);
378 ASSERT_INT_EQ(k1->ecdsa_nid, ke->ecdsa_nid);
379 ASSERT_PTR_NE(EC_KEY_get0_public_key(EVP_PKEY_get0_EC_KEY(ke->pkey)),
380 NULL);
381 ASSERT_PTR_EQ(EC_KEY_get0_private_key(EVP_PKEY_get0_EC_KEY(k1->pkey)),
382 NULL);
383 TEST_DONE();
384
385 TEST_START("equal KEY_ECDSA/demoted KEY_ECDSA");
386 ASSERT_INT_EQ(sshkey_equal(ke, k1), 1);
387 sshkey_free(k1);
388 k1 = NULL;
389 TEST_DONE();
390 #endif /* OPENSSL_HAS_ECC */
391 #endif /* WITH_OPENSSL */
392
393 TEST_START("demote KEY_ED25519");
394 ASSERT_INT_EQ(sshkey_from_private(kf, &k1), 0);
395 ASSERT_PTR_NE(k1, NULL);
396 ASSERT_PTR_NE(kf, k1);
397 ASSERT_INT_EQ(k1->type, KEY_ED25519);
398 ASSERT_PTR_NE(k1->ed25519_pk, NULL);
399 ASSERT_PTR_EQ(k1->ed25519_sk, NULL);
400 TEST_DONE();
401
402 TEST_START("equal KEY_ED25519/demoted KEY_ED25519");
403 ASSERT_INT_EQ(sshkey_equal(kf, k1), 1);
404 sshkey_free(k1);
405 k1 = NULL;
406 TEST_DONE();
407
408 #ifdef WITH_OPENSSL
409 TEST_START("equal mismatched key types");
410 ASSERT_INT_EQ(sshkey_equal(kd, kr), 0);
411 #ifdef OPENSSL_HAS_ECC
412 ASSERT_INT_EQ(sshkey_equal(kd, ke), 0);
413 ASSERT_INT_EQ(sshkey_equal(kr, ke), 0);
414 ASSERT_INT_EQ(sshkey_equal(ke, kf), 0);
415 #endif /* OPENSSL_HAS_ECC */
416 ASSERT_INT_EQ(sshkey_equal(kd, kf), 0);
417 TEST_DONE();
418 #endif /* WITH_OPENSSL */
419
420 TEST_START("equal different keys");
421 #ifdef WITH_OPENSSL
422 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0);
423 ASSERT_INT_EQ(sshkey_equal(kr, k1), 0);
424 sshkey_free(k1);
425 k1 = NULL;
426 #ifdef OPENSSL_HAS_ECC
427 ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0);
428 ASSERT_INT_EQ(sshkey_equal(ke, k1), 0);
429 sshkey_free(k1);
430 k1 = NULL;
431 #endif /* OPENSSL_HAS_ECC */
432 #endif /* WITH_OPENSSL */
433 ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &k1), 0);
434 ASSERT_INT_EQ(sshkey_equal(kf, k1), 0);
435 sshkey_free(k1);
436 k1 = NULL;
437 TEST_DONE();
438
439 #ifdef WITH_OPENSSL
440 sshkey_free(kr);
441 sshkey_free(kd);
442 #ifdef OPENSSL_HAS_ECC
443 sshkey_free(ke);
444 #endif /* OPENSSL_HAS_ECC */
445 #endif /* WITH_OPENSSL */
446 sshkey_free(kf);
447
448 TEST_START("certify key");
449 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"),
450 &k1, NULL), 0);
451 k2 = get_private("ed25519_2");
452 ASSERT_INT_EQ(sshkey_to_certified(k1), 0);
453 ASSERT_PTR_NE(k1->cert, NULL);
454 k1->cert->type = SSH2_CERT_TYPE_USER;
455 k1->cert->serial = 1234;
456 k1->cert->key_id = strdup("estragon");
457 ASSERT_PTR_NE(k1->cert->key_id, NULL);
458 k1->cert->principals = calloc(4, sizeof(*k1->cert->principals));
459 ASSERT_PTR_NE(k1->cert->principals, NULL);
460 k1->cert->principals[0] = strdup("estragon");
461 k1->cert->principals[1] = strdup("vladimir");
462 k1->cert->principals[2] = strdup("pozzo");
463 k1->cert->principals[3] = strdup("lucky");
464 ASSERT_PTR_NE(k1->cert->principals[0], NULL);
465 ASSERT_PTR_NE(k1->cert->principals[1], NULL);
466 ASSERT_PTR_NE(k1->cert->principals[2], NULL);
467 ASSERT_PTR_NE(k1->cert->principals[3], NULL);
468 k1->cert->nprincipals = 4;
469 k1->cert->valid_after = 0;
470 k1->cert->valid_before = (uint64_t)-1;
471 sshbuf_free(k1->cert->critical);
472 k1->cert->critical = sshbuf_new();
473 ASSERT_PTR_NE(k1->cert->critical, NULL);
474 sshbuf_free(k1->cert->extensions);
475 k1->cert->extensions = sshbuf_new();
476 ASSERT_PTR_NE(k1->cert->extensions, NULL);
477 put_opt(k1->cert->critical, "force-command", "/usr/bin/true");
478 put_opt(k1->cert->critical, "source-address", "127.0.0.1");
479 put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL);
480 put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL);
481 ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0);
482 ASSERT_INT_EQ(sshkey_certify(k1, k2, NULL, NULL, NULL), 0);
483 b = sshbuf_new();
484 ASSERT_PTR_NE(b, NULL);
485 ASSERT_INT_EQ(sshkey_putb(k1, b), 0);
486 ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k3), 0);
487
488 sshkey_free(k1);
489 sshkey_free(k2);
490 sshkey_free(k3);
491 k1 = k2 = k3 = NULL;
492 sshbuf_reset(b);
493 TEST_DONE();
494
495 #ifdef WITH_OPENSSL
496 TEST_START("sign and verify RSA");
497 k1 = get_private("rsa_1");
498 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
499 NULL), 0);
500 signature_tests(k1, k2, "ssh-rsa");
501 sshkey_free(k1);
502 sshkey_free(k2);
503 k1 = k2 = NULL;
504 TEST_DONE();
505
506 TEST_START("sign and verify RSA-SHA256");
507 k1 = get_private("rsa_1");
508 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
509 NULL), 0);
510 signature_tests(k1, k2, "rsa-sha2-256");
511 sshkey_free(k1);
512 sshkey_free(k2);
513 k1 = k2 = NULL;
514 TEST_DONE();
515
516 TEST_START("sign and verify RSA-SHA512");
517 k1 = get_private("rsa_1");
518 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
519 NULL), 0);
520 signature_tests(k1, k2, "rsa-sha2-512");
521 sshkey_free(k1);
522 sshkey_free(k2);
523 k1 = k2 = NULL;
524 TEST_DONE();
525
526
527 #ifdef OPENSSL_HAS_ECC
528 TEST_START("sign and verify ECDSA");
529 k1 = get_private("ecdsa_1");
530 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2,
531 NULL), 0);
532 signature_tests(k1, k2, NULL);
533 sshkey_free(k1);
534 sshkey_free(k2);
535 k1 = k2 = NULL;
536 TEST_DONE();
537 #endif /* OPENSSL_HAS_ECC */
538 #endif /* WITH_OPENSSL */
539
540 TEST_START("sign and verify ED25519");
541 k1 = get_private("ed25519_1");
542 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2,
543 NULL), 0);
544 signature_tests(k1, k2, NULL);
545 sshkey_free(k1);
546 sshkey_free(k2);
547 k1 = k2 = NULL;
548 TEST_DONE();
549
550 #ifdef WITH_OPENSSL
551 TEST_START("nested certificate");
552 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
553 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
554 NULL), 0);
555 k3 = get_private("rsa_1");
556 build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL);
557 ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4),
558 SSH_ERR_KEY_CERT_INVALID_SIGN_KEY);
559 ASSERT_PTR_EQ(k4, NULL);
560 sshkey_free(k1);
561 sshkey_free(k2);
562 sshkey_free(k3);
563 k1 = k2 = k3 = NULL;
564 sshbuf_free(b);
565 TEST_DONE();
566 #endif /* WITH_OPENSSL */
567 }
568
569 void
sshkey_benchmarks(void)570 sshkey_benchmarks(void)
571 {
572 struct sshkey *k = NULL;
573
574 #ifdef WITH_OPENSSL
575 BENCH_START("generate RSA-1024");
576 TEST_START("generate KEY_RSA");
577 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k), 0);
578 ASSERT_PTR_NE(k, NULL);
579 sshkey_free(k);
580 k = NULL;
581 TEST_DONE();
582 BENCH_FINISH("keys");
583
584 BENCH_START("generate RSA-2048");
585 TEST_START("generate KEY_RSA");
586 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 2048, &k), 0);
587 ASSERT_PTR_NE(k, NULL);
588 sshkey_free(k);
589 k = NULL;
590 TEST_DONE();
591 BENCH_FINISH("keys");
592
593 BENCH_START("generate ECDSA-256");
594 TEST_START("generate KEY_ECDSA");
595 ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k), 0);
596 ASSERT_PTR_NE(k, NULL);
597 sshkey_free(k);
598 k = NULL;
599 TEST_DONE();
600 BENCH_FINISH("keys");
601
602 BENCH_START("generate ECDSA-384");
603 TEST_START("generate KEY_ECDSA");
604 ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 384, &k), 0);
605 ASSERT_PTR_NE(k, NULL);
606 sshkey_free(k);
607 k = NULL;
608 TEST_DONE();
609 BENCH_FINISH("keys");
610
611 BENCH_START("generate ECDSA-521");
612 TEST_START("generate KEY_ECDSA");
613 ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 521, &k), 0);
614 ASSERT_PTR_NE(k, NULL);
615 sshkey_free(k);
616 k = NULL;
617 TEST_DONE();
618 BENCH_FINISH("keys");
619 #endif /* WITH_OPENSSL */
620
621 BENCH_START("generate ED25519");
622 TEST_START("generate KEY_ED25519");
623 ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &k), 0);
624 ASSERT_PTR_NE(k, NULL);
625 sshkey_free(k);
626 k = NULL;
627 TEST_DONE();
628 BENCH_FINISH("keys");
629
630 #ifdef WITH_OPENSSL
631 /* sign */
632 signature_benchmark("RSA-1024/SHA1", KEY_RSA, 1024, "ssh-rsa", 0);
633 signature_benchmark("RSA-1024/SHA256", KEY_RSA, 1024, "rsa-sha2-256", 0);
634 signature_benchmark("RSA-1024/SHA512", KEY_RSA, 1024, "rsa-sha2-512", 0);
635 signature_benchmark("RSA-2048/SHA1", KEY_RSA, 2048, "ssh-rsa", 0);
636 signature_benchmark("RSA-2048/SHA256", KEY_RSA, 2048, "rsa-sha2-256", 0);
637 signature_benchmark("RSA-2048/SHA512", KEY_RSA, 2048, "rsa-sha2-512", 0);
638 signature_benchmark("ECDSA-256", KEY_ECDSA, 256, NULL, 0);
639 signature_benchmark("ECDSA-384", KEY_ECDSA, 384, NULL, 0);
640 signature_benchmark("ECDSA-521", KEY_ECDSA, 521, NULL, 0);
641 signature_benchmark("ED25519", KEY_ED25519, 0, NULL, 0);
642
643 /* verify */
644 signature_benchmark("RSA-1024/SHA1", KEY_RSA, 1024, "ssh-rsa", 1);
645 signature_benchmark("RSA-1024/SHA256", KEY_RSA, 1024, "rsa-sha2-256", 1);
646 signature_benchmark("RSA-1024/SHA512", KEY_RSA, 1024, "rsa-sha2-512", 1);
647 signature_benchmark("RSA-2048/SHA1", KEY_RSA, 2048, "ssh-rsa", 1);
648 signature_benchmark("RSA-2048/SHA256", KEY_RSA, 2048, "rsa-sha2-256", 1);
649 signature_benchmark("RSA-2048/SHA512", KEY_RSA, 2048, "rsa-sha2-512", 1);
650 signature_benchmark("ECDSA-256", KEY_ECDSA, 256, NULL, 1);
651 signature_benchmark("ECDSA-384", KEY_ECDSA, 384, NULL, 1);
652 signature_benchmark("ECDSA-521", KEY_ECDSA, 521, NULL, 1);
653 #endif /* WITH_OPENSSL */
654 signature_benchmark("ED25519", KEY_ED25519, 0, NULL, 1);
655 }
656