Greenbone Vulnerability Management Libraries 22.35.9
sshutils_tests.c
Go to the documentation of this file.
1/* SPDX-FileCopyrightText: 2025 Greenbone AG
2 *
3 * SPDX-License-Identifier: GPL-2.0-or-later
4 */
5
6#include "sshutils.c"
7
8#include <cgreen/cgreen.h>
9#include <cgreen/mocks.h>
10#include <glib.h>
11#include <string.h>
12
13/* PKCS#8 Private Keys */
14
15static const char *test_rsa_pkcs8_encrypted =
16 "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
17 "MIIC3TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIzfBGcP5wd8MCAggA\n"
18 "MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBBFzFqkORQCGsovV40fuoGFBIIC\n"
19 "gOWIjapbrp9CSFdlzvttFDyJWuv7jqW9Go7aCXnvqXWGDbxOlJSM8fAy4mmr0+71\n"
20 "CoIywoqg/3k6tmM3xMRSzql4RaZuDosoD0bAi7CPS2FKb+rMkCzOn8/v14U0QoX6\n"
21 "5lzB6a9PaTc+T5d29hPy/OxJutVOq/VvmoOng9mLcGesdEZXrXbunbJNsI0MHmzi\n"
22 "lwHNAdPkdGGHyMRb3DgRYVrn5XIkVINNTLk/3iKjqAAlP/uSN3cpU0L3+FW4bF3s\n"
23 "xKFktcbD/AbwRd5/W8PGHrMOaSqCiWmOCSdSa1xKNecjFN8SNAiZusp7V/H+ylyL\n"
24 "GPXE1sUL7FX1InwOR9NlVXRizf0696ZvH8aRrORO+j4yGT0XUxrLpS/OQ7Ea2jHs\n"
25 "EitXcC+cKTb0GRMjzp/BtK/yeiOTfo4N1ilTF9wjC+AZbZoS+qWxDxyeJ2x7TDQj\n"
26 "OiTiK3XWUDGzGt/9O1qn8Bguqbidc09oZ0WdRGpYGVZiRIB2Cd6adIEdU+MK58aJ\n"
27 "3qg4E5wQv9uQHoC4KRdsz2wXojXvjg55XUYjerDBAsZKXBXubguGSVDH6w2Xtqf5\n"
28 "DouWZwrHI4YEaF/ObzGfniUI1DXU8l7Zxmsb+BlvwG2JUoec7gVCD45ciL0JMElf\n"
29 "ZdZq+pm+LZ888GEM+4HLu9M5jS+rrj2UqKIR5IpmTa/wYdvBqJi9k4TKfa6DWPjj\n"
30 "ePwQ4I35Ke6rp4mKN/oqfKoH5ArLD5JIvRtqxTcpacw2dcxudf2TMVO92EZB6IgV\n"
31 "dlEZR+MS94rDuR5JwlyCd4wScg8uVL0SwOe7WFXhYDPVf3NeiHQc7ae7fE+IpJGy\n"
32 "RKqIeOPYWQcUa4NgMAv3qMA=\n"
33 "-----END ENCRYPTED PRIVATE KEY-----";
34
35static const char *test_rsa_pkcs8_unencrypted =
36 "-----BEGIN PRIVATE KEY-----\n"
37 "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAM1akpXjXsXSgeKC\n"
38 "FTc+k9x97hGN5bECPYTvP07rod0/UeDI5GQpcA8bpyB8v1QQatYRKRIIcLt+qW3r\n"
39 "qBiXDVG5WN9+ei8m3hvKzjGenbPfP9a50t86df5te1RAWbncZJPHPr4TjgFVh64+\n"
40 "7QVv5HrqXLVSKczVKwLtXJaHzi/fAgMBAAECgYBrTNwzPa8Tpr7/YAE98JDKMXLn\n"
41 "8UEHkKgcgfaOgkj9lkxuLApK2+wVuNlG/GfswPdSC31uUsK09aYKLYyT7Lmj/Zcb\n"
42 "NnrDDcVxK3AtQIlvIgEwO766riv91vPXRiig2xHkyzFJnyDjev9F5gB36LbMU5ZN\n"
43 "3lJswD6lgw30BlDMYQJBAPt2W6ws1AbfoJQJTob2hLRSAmCf/x+Fvv2lb5YINogj\n"
44 "2P+vq51i4YQhYOiIO1vdl0qhfhj+TdyIQ/A7jsb5+B0CQQDRDzbHhbY0p0MUT4rX\n"
45 "2Ysfrt3pEe8cHVdtT6RMiw3IUODWhlWXQJrmV1BgyEM05mgbRWMGz5xgOXG8it0y\n"
46 "/h8rAkBgm1YYzZgfk+aDORgcLbVJ+X/EU3OWTrHTjK1T/I/Guc7yXDEYZBazxocO\n"
47 "jtgPMRCgsW5ad8i+AvPm5VqzAvHZAkEAsWLvYCycheDGkh1L+gqkeaWutWx6LqjW\n"
48 "3fGNv0Td1PKLVHt3dHdk971ufjBulhxKiZk+hTDzxtH3J7vMJNBrMQJBAL/r0j0+\n"
49 "DgBywIZkjLzJwn3w4/wRl6YSr8DRgu8CtTFVozjkA177NpVzznlvfQU8RdNG3bbt\n"
50 "nw3vL7hUSbuvhmY=\n"
51 "-----END PRIVATE KEY-----";
52
53static const char *test_ecdsa_pkcs8_encrypted =
54 "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
55 "MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjlyxUA9O2PHAICCAAw\n"
56 "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEAQIEEO719labTRMgZ32j+ZnBT4YEgZBm\n"
57 "xdt/8ovIPzp07r4rrOJC1tZmoZXeRW8uDMm3OxHx7lV+obwqVh+ZfJHRvFe7ggvT\n"
58 "riL2tGh/eyTV5F/7mtGGhOFyjMAEgE2vT9TCwYwheQ0R690G5K+Mw3vt4xvVVtgD\n"
59 "6XoSuak8bnkXri/KmSFaWD650TMmLYGqGTlAzanoNuU7+8IERwYwvOg7QXaGSbA=\n"
60 "-----END ENCRYPTED PRIVATE KEY-----";
61
62static const char *test_ecdsa_openssh_private =
63 "-----BEGIN OPENSSH PRIVATE KEY-----\n"
64 "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n"
65 "1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTBttsbosZ3Owlvc5aumQJd1W0LMd3X\n"
66 "gi3XxeQmwiGhFd0R1SahBmxMQdp6VXCyOnuUvrTGstFrQi0t3UsAII45AAAAoHkGdWV5Bn\n"
67 "VlAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMG22xuixnc7CW9z\n"
68 "lq6ZAl3VbQsx3deCLdfF5CbCIaEV3RHVJqEGbExB2npVcLI6e5S+tMay0WtCLS3dSwAgjj\n"
69 "kAAAAhAOuN88lVWbYX99J/AgA+VPGoBkO2oN2v1kq7wRBSNI2HAAAAAAECAwQFBgc=\n"
70 "-----END OPENSSH PRIVATE KEY-----";
71
72static const char *test_ed25519_pkcs8_encrypted =
73 "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
74 "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjJzcFV4nR8QgICCAAw\n"
75 "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEELktrSEPHfD5f7p/W2OAyusEQC8R\n"
76 "d20mo9N7ywH+619oLIA52Xn7jXefbT/GXBmBPo0GaQV0f0ueg9R0g9rXXu2EgIIG\n"
77 "LQXgDsbD4kdN6Op41FY=\n"
78 "-----END ENCRYPTED PRIVATE KEY-----";
79
80static const char *test_ed25519_openssh_private =
81 "-----BEGIN OPENSSH PRIVATE KEY-----\n"
82 "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\n"
83 "QyNTUxOQAAACDc//VteiCk/grV3VBgQZpTZcClYUSe/Jah00ZaETd8BAAAAIgYiPkgGIj5\n"
84 "IAAAAAtzc2gtZWQyNTUxOQAAACDc//VteiCk/grV3VBgQZpTZcClYUSe/Jah00ZaETd8BA\n"
85 "AAAEBFmyjnCahpsDze3hjhZTQlH3o+r3/x1b+UX/Pzbx+C2tz/9W16IKT+CtXdUGBBmlNl\n"
86 "wKVhRJ78lqHTRloRN3wEAAAAAAECAwQF\n"
87 "-----END OPENSSH PRIVATE KEY-----";
88
89/* Expected Public Keys */
90
91static const char *test_rsa_public_expected =
92 "ssh-rsa "
93 "AAAAB3NzaC1yc2EAAAADAQABAAAAgQDNWpKV417F0oHighU3PpPcfe4RjeWxAj2E7z9O66HdP1Hg"
94 "yORkKXAPG6cgfL9UEGrWESkSCHC7fqlt66gYlw1RuVjffnovJt4bys4xnp2z3z/"
95 "WudLfOnX+bXtUQFm53GSTxz6+E44BVYeuPu0Fb+R66ly1UinM1SsC7VyWh84v3w==";
96
97static const char *test_ecdsa_public_expected =
98 "ecdsa-sha2-nistp256 "
99 "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMG22xuixnc7CW9zlq6ZAl3V"
100 "bQsx3deCLdfF5CbCIaEV3RHVJqEGbExB2npVcLI6e5S+tMay0WtCLS3dSwAgjjk=";
101
102static const char *test_ed25519_public_expected =
103 "ssh-ed25519 "
104 "AAAAC3NzaC1lZDI1NTE5AAAAINz/9W16IKT+CtXdUGBBmlNlwKVhRJ78lqHTRloRN3wE";
105
106static const char *expected_rsa_sha256_hash =
107 "a581ce248a4a7e7a49603712d9ac4c83fdc491cc908eb430af566cb1975d7f3c";
108
109static const char *expected_ecdsa_sha256_hash =
110 "e176454f3e3de11a826e3b72a7a3971fbf823dbd464512f14340378b647c209a";
111
112static const char *expected_ed25519_sha256_hash =
113 "62ff0717d25f334662fc5d0ca4ecac4db7b5c1cf57f599aa59f664014a2898ec";
114
115Describe (sshutils);
116BeforeEach (sshutils)
117{
118}
119
120AfterEach (sshutils)
121{
122}
123
124/* gvm_ssh_pkcs8_decrypt */
125
126Ensure (sshutils, gvm_ssh_pkcs8_decrypt_returns_null_for_null_pkcs8_key)
127{
128 char *result = gvm_ssh_pkcs8_decrypt (NULL, "passphrase");
129 assert_that (result, is_null);
130}
131
132Ensure (sshutils, gvm_ssh_pkcs8_decrypt_handles_empty_passphrase)
133{
134 // Test functional equivalence: decrypted key should produce expected public
135 // key
136 char *result = gvm_ssh_pkcs8_decrypt (test_rsa_pkcs8_unencrypted, "");
137 assert_that (result, is_not_null);
138
139 // Generate public key from decrypted private key
140 char *pub_from_decrypted = gvm_ssh_public_from_private (result, "");
141
142 assert_that (pub_from_decrypted, is_not_null);
143 assert_that (pub_from_decrypted,
144 is_equal_to_string (test_rsa_public_expected));
145
146 g_free (result);
147 g_free (pub_from_decrypted);
148}
149
150Ensure (sshutils, gvm_ssh_pkcs8_decrypt_handles_null_passphrase)
151{
152 char *result = gvm_ssh_pkcs8_decrypt ("invalid_key", NULL);
153 assert_that (result, is_null);
154}
155
156Ensure (sshutils, gvm_ssh_pkcs8_decrypt_returns_null_for_invalid_key)
157{
158 char *result =
159 gvm_ssh_pkcs8_decrypt ("invalid_pkcs8_key_content", "passphrase");
160 assert_that (result, is_null);
161}
162
163Ensure (sshutils, gvm_ssh_pkcs8_decrypt_decrypts_rsa_key_correctly)
164{
165 char *result =
166 gvm_ssh_pkcs8_decrypt (test_rsa_pkcs8_encrypted, "testpass123");
167 assert_that (result, is_not_null);
168 assert_that (strstr (result, "-----BEGIN RSA PRIVATE KEY-----"), is_not_null);
169 assert_that (strstr (result, "-----END RSA PRIVATE KEY-----"), is_not_null);
170 g_free (result);
171}
172
173Ensure (sshutils, gvm_ssh_pkcs8_decrypt_decrypts_ecdsa_key_correctly)
174{
175 char *result =
176 gvm_ssh_pkcs8_decrypt (test_ecdsa_pkcs8_encrypted, "testpass123");
177 assert_that (result, is_not_null);
178 assert_that (strstr (result, "-----BEGIN EC PRIVATE KEY-----"), is_not_null);
179 assert_that (strstr (result, "-----END EC PRIVATE KEY-----"), is_not_null);
180 g_free (result);
181}
182
183Ensure (sshutils, gvm_ssh_pkcs8_decrypt_decrypts_ed25519_key_correctly)
184{
185 char *result =
186 gvm_ssh_pkcs8_decrypt (test_ed25519_pkcs8_encrypted, "testpass123");
187 assert_that (result, is_not_null);
188 assert_that (strstr (result, "-----BEGIN PRIVATE KEY-----"), is_not_null);
189 assert_that (strstr (result, "-----END PRIVATE KEY-----"), is_not_null);
190 g_free (result);
191}
192
193Ensure (sshutils, gvm_ssh_pkcs8_decrypt_handles_unencrypted_keys)
194{
195 char *result = gvm_ssh_pkcs8_decrypt (test_rsa_pkcs8_unencrypted, "");
196 assert_that (result, is_not_null);
197 assert_that (strstr (result, "-----BEGIN RSA PRIVATE KEY-----"), is_not_null);
198 assert_that (strstr (result, "-----END RSA PRIVATE KEY-----"), is_not_null);
199 g_free (result);
200}
201
202/* gvm_ssh_public_from_private */
203
204Ensure (sshutils, gvm_ssh_public_from_private_returns_null_for_null_private_key)
205{
206 char *result = gvm_ssh_public_from_private (NULL, "passphrase");
207 assert_that (result, is_null);
208}
209
210Ensure (sshutils, gvm_ssh_public_from_private_handles_invalid_private_key)
211{
212 char *result =
213 gvm_ssh_public_from_private ("invalid_private_key", "passphrase");
214 assert_that (result, is_null);
215}
216
217Ensure (sshutils, gvm_ssh_public_from_private_handles_null_passphrase)
218{
219 char *result = gvm_ssh_public_from_private ("invalid_private_key", NULL);
220 assert_that (result, is_null);
221}
222
223Ensure (sshutils, gvm_ssh_public_from_private_handles_empty_passphrase)
224{
225 // This should successfully generate the public key
226 char *result = gvm_ssh_public_from_private (test_rsa_pkcs8_unencrypted, "");
227 assert_that (result, is_not_null);
228 assert_that (strstr (result, "ssh-rsa"), is_not_null);
229 assert_that (result, is_equal_to_string (test_rsa_public_expected));
230 g_free (result);
231}
232
233Ensure (sshutils, gvm_ssh_public_from_private_generates_rsa_public_key)
234{
235 char *result = gvm_ssh_public_from_private (test_rsa_pkcs8_unencrypted, NULL);
236 assert_that (result, is_not_null);
237 assert_that (strstr (result, "ssh-rsa"), is_not_null);
238 // Verify it matches expected format (type + space + base64_key)
239 assert_that (strchr (result, ' '), is_not_null);
240 // Verify that the generated public key matches the expected value
241 assert_that (result, is_equal_to_string (test_rsa_public_expected));
242 g_free (result);
243}
244
245Ensure (sshutils, gvm_ssh_public_from_private_generates_ecdsa_public_key)
246{
247 char *result = gvm_ssh_public_from_private (test_ecdsa_openssh_private, NULL);
248 assert_that (result, is_not_null);
249 assert_that (strstr (result, "ecdsa-sha2-nistp256"), is_not_null);
250 assert_that (strchr (result, ' '), is_not_null);
251 // Verify that the generated public key matches the expected value
252 assert_that (result, is_equal_to_string (test_ecdsa_public_expected));
253 g_free (result);
254}
255
256Ensure (sshutils, gvm_ssh_public_from_private_generates_ed25519_public_key)
257{
258 char *result =
259 gvm_ssh_public_from_private (test_ed25519_openssh_private, NULL);
260 assert_that (result, is_not_null);
261 assert_that (strstr (result, "ssh-ed25519"), is_not_null);
262 assert_that (strchr (result, ' '), is_not_null);
263 // Verify that the generated public key matches the expected value
264 assert_that (result, is_equal_to_string (test_ed25519_public_expected));
265 g_free (result);
266}
267
268Ensure (sshutils, gvm_ssh_public_from_private_handles_encrypted_keys)
269{
270 char *result =
271 gvm_ssh_public_from_private (test_rsa_pkcs8_encrypted, "testpass123");
272 assert_that (result, is_not_null);
273 assert_that (strstr (result, "ssh-rsa"), is_not_null);
274 g_free (result);
275}
276
277Ensure (sshutils, gvm_ssh_public_from_private_handles_wrong_passphrase)
278{
279 char *result =
280 gvm_ssh_public_from_private (test_rsa_pkcs8_encrypted, "wrongpass");
281 assert_that (result, is_null);
282}
283
284/* gvm_ssh_private_key_info */
285
286Ensure (sshutils,
287 gvm_ssh_private_key_info_returns_minus_one_for_null_private_key)
288{
289 const char *type = NULL;
290 char *sha256_hash = NULL;
291 int result =
292 gvm_ssh_private_key_info (NULL, "passphrase", &type, &sha256_hash);
293 assert_that (result, is_equal_to (-1));
294 assert_that (type, is_null);
295 assert_that (sha256_hash, is_null);
296}
297
298Ensure (sshutils, gvm_ssh_private_key_info_handles_null_type_and_hash_pointers)
299{
300 int result =
301 gvm_ssh_private_key_info ("invalid_key", "passphrase", NULL, NULL);
302 assert_that (result, is_equal_to (-1));
303}
304
305Ensure (sshutils, gvm_ssh_private_key_info_handles_null_type_pointer)
306{
307 char *sha256_hash = NULL;
308 int result =
309 gvm_ssh_private_key_info ("invalid_key", "passphrase", NULL, &sha256_hash);
310 assert_that (result, is_equal_to (-1));
311 assert_that (sha256_hash, is_null);
312}
313
314Ensure (sshutils, gvm_ssh_private_key_info_handles_null_hash_pointer)
315{
316 const char *type = NULL;
317 int result =
318 gvm_ssh_private_key_info ("invalid_key", "passphrase", &type, NULL);
319 assert_that (result, is_equal_to (-1));
320 assert_that (type, is_null);
321}
322
323Ensure (sshutils, gvm_ssh_private_key_info_handles_invalid_private_key)
324{
325 const char *type = NULL;
326 char *sha256_hash = NULL;
327 int result = gvm_ssh_private_key_info ("invalid_private_key", "passphrase",
328 &type, &sha256_hash);
329 assert_that (result, is_equal_to (-1));
330 assert_that (type, is_null);
331 assert_that (sha256_hash, is_null);
332}
333
334Ensure (sshutils, gvm_ssh_private_key_info_handles_null_passphrase)
335{
336 const char *type = NULL;
337 char *sha256_hash = NULL;
338 int result =
339 gvm_ssh_private_key_info ("invalid_private_key", NULL, &type, &sha256_hash);
340 assert_that (result, is_equal_to (-1));
341 assert_that (type, is_null);
342 assert_that (sha256_hash, is_null);
343}
344
345Ensure (sshutils, gvm_ssh_private_key_info_handles_empty_passphrase)
346{
347 const char *type = NULL;
348 char *sha256_hash = NULL;
349 // This should successfully extract the key information
350 int result = gvm_ssh_private_key_info (test_rsa_pkcs8_unencrypted, "", &type,
351 &sha256_hash);
352 assert_that (result, is_equal_to (0));
353 assert_that (type, is_not_null);
354 assert_that (sha256_hash, is_not_null);
355 // Verify that the extracted type and hash match the expected values
356 assert_that (type, is_equal_to_string ("ssh-rsa"));
357 assert_that (sha256_hash, is_equal_to_string (expected_rsa_sha256_hash));
358 g_free (sha256_hash);
359}
360
361Ensure (sshutils, gvm_ssh_private_key_info_gets_rsa_key_type_and_hash)
362{
363 const char *type = NULL;
364 char *sha256_hash = NULL;
365 int result = gvm_ssh_private_key_info (test_rsa_pkcs8_unencrypted, NULL,
366 &type, &sha256_hash);
367 assert_that (result, is_equal_to (0));
368 assert_that (type, is_equal_to_string ("ssh-rsa"));
369 assert_that (sha256_hash, is_not_null);
370 assert_that (strlen (sha256_hash),
371 is_equal_to (64)); // SHA-256 hex is 64 chars
372 /* Verify that the hash matches the expected value */
373 assert_that (sha256_hash, is_equal_to_string (expected_rsa_sha256_hash));
374 g_free (sha256_hash);
375}
376
377Ensure (sshutils, gvm_ssh_private_key_info_gets_ecdsa_key_type_and_hash)
378{
379 const char *type = NULL;
380 char *sha256_hash = NULL;
381 int result = gvm_ssh_private_key_info (test_ecdsa_openssh_private, NULL,
382 &type, &sha256_hash);
383 assert_that (result, is_equal_to (0));
384 assert_that (type, is_equal_to_string ("ecdsa-sha2-nistp256"));
385 assert_that (sha256_hash, is_not_null);
386 assert_that (strlen (sha256_hash),
387 is_equal_to (64)); // SHA-256 hex is 64 chars
388 /* Verify that the hash matches the expected value */
389 assert_that (sha256_hash, is_equal_to_string (expected_ecdsa_sha256_hash));
390 g_free (sha256_hash);
391}
392
393Ensure (sshutils, gvm_ssh_private_key_info_gets_ed25519_key_type_and_hash)
394{
395 const char *type = NULL;
396 char *sha256_hash = NULL;
397 int result = gvm_ssh_private_key_info (test_ed25519_openssh_private, NULL,
398 &type, &sha256_hash);
399 assert_that (result, is_equal_to (0));
400 assert_that (type, is_equal_to_string ("ssh-ed25519"));
401 assert_that (sha256_hash, is_not_null);
402 assert_that (strlen (sha256_hash),
403 is_equal_to (64)); // SHA-256 hex is 64 chars
404 /* Verify that the hash matches the expected value */
405 assert_that (sha256_hash, is_equal_to_string (expected_ed25519_sha256_hash));
406 g_free (sha256_hash);
407}
408
409Ensure (sshutils, gvm_ssh_private_key_info_handles_encrypted_keys)
410{
411 const char *type = NULL;
412 char *sha256_hash = NULL;
413 int result = gvm_ssh_private_key_info (test_rsa_pkcs8_encrypted,
414 "testpass123", &type, &sha256_hash);
415 assert_that (result, is_equal_to (0));
416 assert_that (type, is_equal_to_string ("ssh-rsa"));
417 assert_that (sha256_hash, is_not_null);
418 g_free (sha256_hash);
419}
420
421Ensure (sshutils, gvm_ssh_private_key_info_handles_wrong_passphrase)
422{
423 const char *type = NULL;
424 char *sha256_hash = NULL;
425 int result = gvm_ssh_private_key_info (test_rsa_pkcs8_encrypted, "wrongpass",
426 &type, &sha256_hash);
427 assert_that (result, is_equal_to (-1));
428 assert_that (type, is_null);
429 assert_that (sha256_hash, is_null);
430}
431
432Ensure (sshutils, gvm_ssh_private_key_info_can_get_just_type)
433{
434 const char *type = NULL;
435 int result =
436 gvm_ssh_private_key_info (test_rsa_pkcs8_unencrypted, NULL, &type, NULL);
437 assert_that (result, is_equal_to (0));
438 assert_that (type, is_equal_to_string ("ssh-rsa"));
439}
440
441Ensure (sshutils, gvm_ssh_private_key_info_can_get_just_hash)
442{
443 char *sha256_hash = NULL;
444 int result = gvm_ssh_private_key_info (test_rsa_pkcs8_unencrypted, NULL, NULL,
445 &sha256_hash);
446 assert_that (result, is_equal_to (0));
447 assert_that (sha256_hash, is_not_null);
448 assert_that (strlen (sha256_hash),
449 is_equal_to (64)); // SHA-256 hex is 64 chars
450 g_free (sha256_hash);
451}
452
453/* Test suite. */
454
455int
456main (int argc, char **argv)
457{
458 int ret;
459 TestSuite *suite;
460
461 suite = create_test_suite ();
462
463 add_test_with_context (suite, sshutils,
464 gvm_ssh_pkcs8_decrypt_returns_null_for_null_pkcs8_key);
465 add_test_with_context (suite, sshutils,
466 gvm_ssh_pkcs8_decrypt_handles_empty_passphrase);
467 add_test_with_context (suite, sshutils,
468 gvm_ssh_pkcs8_decrypt_handles_null_passphrase);
469 add_test_with_context (suite, sshutils,
470 gvm_ssh_pkcs8_decrypt_returns_null_for_invalid_key);
471 add_test_with_context (suite, sshutils,
472 gvm_ssh_pkcs8_decrypt_decrypts_rsa_key_correctly);
473 add_test_with_context (suite, sshutils,
474 gvm_ssh_pkcs8_decrypt_decrypts_ecdsa_key_correctly);
475 add_test_with_context (suite, sshutils,
476 gvm_ssh_pkcs8_decrypt_decrypts_ed25519_key_correctly);
477 add_test_with_context (suite, sshutils,
478 gvm_ssh_pkcs8_decrypt_handles_unencrypted_keys);
479
480 add_test_with_context (
481 suite, sshutils,
482 gvm_ssh_public_from_private_returns_null_for_null_private_key);
483 add_test_with_context (
484 suite, sshutils, gvm_ssh_public_from_private_handles_invalid_private_key);
485 add_test_with_context (suite, sshutils,
486 gvm_ssh_public_from_private_handles_null_passphrase);
487 add_test_with_context (suite, sshutils,
488 gvm_ssh_public_from_private_handles_empty_passphrase);
489 add_test_with_context (suite, sshutils,
490 gvm_ssh_public_from_private_generates_rsa_public_key);
491 add_test_with_context (
492 suite, sshutils, gvm_ssh_public_from_private_generates_ecdsa_public_key);
493 add_test_with_context (
494 suite, sshutils, gvm_ssh_public_from_private_generates_ed25519_public_key);
495 add_test_with_context (suite, sshutils,
496 gvm_ssh_public_from_private_handles_encrypted_keys);
497 add_test_with_context (suite, sshutils,
498 gvm_ssh_public_from_private_handles_wrong_passphrase);
499
500 add_test_with_context (
501 suite, sshutils,
502 gvm_ssh_private_key_info_returns_minus_one_for_null_private_key);
503 add_test_with_context (
504 suite, sshutils,
505 gvm_ssh_private_key_info_handles_null_type_and_hash_pointers);
506 add_test_with_context (suite, sshutils,
507 gvm_ssh_private_key_info_handles_null_type_pointer);
508 add_test_with_context (suite, sshutils,
509 gvm_ssh_private_key_info_handles_null_hash_pointer);
510 add_test_with_context (suite, sshutils,
511 gvm_ssh_private_key_info_handles_invalid_private_key);
512 add_test_with_context (suite, sshutils,
513 gvm_ssh_private_key_info_handles_null_passphrase);
514 add_test_with_context (suite, sshutils,
515 gvm_ssh_private_key_info_handles_empty_passphrase);
516 add_test_with_context (suite, sshutils,
517 gvm_ssh_private_key_info_gets_rsa_key_type_and_hash);
518 add_test_with_context (suite, sshutils,
519 gvm_ssh_private_key_info_gets_ecdsa_key_type_and_hash);
520 add_test_with_context (
521 suite, sshutils, gvm_ssh_private_key_info_gets_ed25519_key_type_and_hash);
522 add_test_with_context (suite, sshutils,
523 gvm_ssh_private_key_info_handles_encrypted_keys);
524 add_test_with_context (suite, sshutils,
525 gvm_ssh_private_key_info_handles_wrong_passphrase);
526 add_test_with_context (suite, sshutils,
527 gvm_ssh_private_key_info_can_get_just_type);
528 add_test_with_context (suite, sshutils,
529 gvm_ssh_private_key_info_can_get_just_hash);
530
531 if (argc > 1)
532 ret = run_single_test (suite, argv[1], create_text_reporter ());
533 else
534 ret = run_test_suite (suite, create_text_reporter ());
535
536 destroy_test_suite (suite);
537
538 return ret;
539}
sshutils.c
Implementation of SSH related API.
gvm_ssh_private_key_info
int gvm_ssh_private_key_info(const char *private_key, const char *passphrase, const char **type, char **sha256_hash)
Gets information from a SSH private key.
Definition sshutils.c:116
gvm_ssh_pkcs8_decrypt
char * gvm_ssh_pkcs8_decrypt(const char *pkcs8_key, const char *passphrase)
Decrypts a base64 encrypted ssh private key.
Definition sshutils.c:34
gvm_ssh_public_from_private
char * gvm_ssh_public_from_private(const char *private_key, const char *passphrase)
Exports a base64 encoded public key from a private key and its passphrase.
Definition sshutils.c:75
test_ed25519_openssh_private
static const char * test_ed25519_openssh_private
Definition sshutils_tests.c:80
test_ecdsa_pkcs8_encrypted
static const char * test_ecdsa_pkcs8_encrypted
Definition sshutils_tests.c:53
test_rsa_pkcs8_unencrypted
static const char * test_rsa_pkcs8_unencrypted
Definition sshutils_tests.c:35
expected_rsa_sha256_hash
static const char * expected_rsa_sha256_hash
Definition sshutils_tests.c:106
AfterEach
AfterEach(sshutils)
Definition sshutils_tests.c:120
test_rsa_pkcs8_encrypted
static const char * test_rsa_pkcs8_encrypted
Definition sshutils_tests.c:15
Describe
Describe(sshutils)
test_ed25519_pkcs8_encrypted
static const char * test_ed25519_pkcs8_encrypted
Definition sshutils_tests.c:72
main
int main(int argc, char **argv)
Definition sshutils_tests.c:456
expected_ed25519_sha256_hash
static const char * expected_ed25519_sha256_hash
Definition sshutils_tests.c:112
test_ecdsa_openssh_private
static const char * test_ecdsa_openssh_private
Definition sshutils_tests.c:62
expected_ecdsa_sha256_hash
static const char * expected_ecdsa_sha256_hash
Definition sshutils_tests.c:109
test_ecdsa_public_expected
static const char * test_ecdsa_public_expected
Definition sshutils_tests.c:97
test_ed25519_public_expected
static const char * test_ed25519_public_expected
Definition sshutils_tests.c:102
BeforeEach
BeforeEach(sshutils)
Definition sshutils_tests.c:116
Ensure
Ensure(sshutils, gvm_ssh_pkcs8_decrypt_returns_null_for_null_pkcs8_key)
Definition sshutils_tests.c:126
test_rsa_public_expected
static const char * test_rsa_public_expected
Definition sshutils_tests.c:91