1 /* $OpenBSD: test_file.c,v 1.8 2018/09/13 09:03:20 djm Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include <sys/types.h> 9 #include <sys/param.h> 10 #include <sys/stat.h> 11 #include <fcntl.h> 12 #include <stdio.h> 13 #include <stdint.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <unistd.h> 17 18 #include <openssl/bn.h> 19 #include <openssl/ec.h> 20 #include <openssl/rsa.h> 21 #include <openssl/dsa.h> 22 #include <openssl/objects.h> 23 24 #include "test_helper.h" 25 26 #include "ssherr.h" 27 #include "authfile.h" 28 #include "sshkey.h" 29 #include "sshbuf.h" 30 #include "digest.h" 31 32 #include "common.h" 33 34 void sshkey_file_tests(void); 35 36 void 37 sshkey_file_tests(void) 38 { 39 struct sshkey *k1, *k2; 40 struct sshbuf *buf, *pw; 41 BIGNUM *a, *b, *c; 42 char *cp; 43 44 TEST_START("load passphrase"); 45 pw = load_text_file("pw"); 46 TEST_DONE(); 47 48 49 TEST_START("parse RSA from private"); 50 buf = load_file("rsa_1"); 51 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 52 sshbuf_free(buf); 53 ASSERT_PTR_NE(k1, NULL); 54 a = load_bignum("rsa_1.param.n"); 55 b = load_bignum("rsa_1.param.p"); 56 c = load_bignum("rsa_1.param.q"); 57 ASSERT_BIGNUM_EQ(rsa_n(k1), a); 58 ASSERT_BIGNUM_EQ(rsa_p(k1), b); 59 ASSERT_BIGNUM_EQ(rsa_q(k1), c); 60 BN_free(a); 61 BN_free(b); 62 BN_free(c); 63 TEST_DONE(); 64 65 TEST_START("parse RSA from private w/ passphrase"); 66 buf = load_file("rsa_1_pw"); 67 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 68 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 69 sshbuf_free(buf); 70 ASSERT_PTR_NE(k2, NULL); 71 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 72 sshkey_free(k2); 73 TEST_DONE(); 74 75 TEST_START("parse RSA from new-format"); 76 buf = load_file("rsa_n"); 77 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 78 sshbuf_free(buf); 79 ASSERT_PTR_NE(k2, NULL); 80 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 81 sshkey_free(k2); 82 TEST_DONE(); 83 84 TEST_START("parse RSA from new-format w/ passphrase"); 85 buf = load_file("rsa_n_pw"); 86 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 87 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 88 sshbuf_free(buf); 89 ASSERT_PTR_NE(k2, NULL); 90 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 91 sshkey_free(k2); 92 TEST_DONE(); 93 94 TEST_START("load RSA from public"); 95 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 96 NULL), 0); 97 ASSERT_PTR_NE(k2, NULL); 98 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 99 sshkey_free(k2); 100 TEST_DONE(); 101 102 TEST_START("load RSA cert with SHA1 signature"); 103 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0); 104 ASSERT_PTR_NE(k2, NULL); 105 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 106 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 107 ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa"); 108 sshkey_free(k2); 109 TEST_DONE(); 110 111 TEST_START("load RSA cert with SHA512 signature"); 112 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0); 113 ASSERT_PTR_NE(k2, NULL); 114 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 115 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 116 ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512"); 117 sshkey_free(k2); 118 TEST_DONE(); 119 120 TEST_START("load RSA cert"); 121 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 122 ASSERT_PTR_NE(k2, NULL); 123 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 124 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 125 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 126 TEST_DONE(); 127 128 TEST_START("RSA key hex fingerprint"); 129 buf = load_text_file("rsa_1.fp"); 130 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 131 ASSERT_PTR_NE(cp, NULL); 132 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 133 sshbuf_free(buf); 134 free(cp); 135 TEST_DONE(); 136 137 TEST_START("RSA cert hex fingerprint"); 138 buf = load_text_file("rsa_1-cert.fp"); 139 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 140 ASSERT_PTR_NE(cp, NULL); 141 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 142 sshbuf_free(buf); 143 free(cp); 144 sshkey_free(k2); 145 TEST_DONE(); 146 147 TEST_START("RSA key bubblebabble fingerprint"); 148 buf = load_text_file("rsa_1.fp.bb"); 149 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 150 ASSERT_PTR_NE(cp, NULL); 151 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 152 sshbuf_free(buf); 153 free(cp); 154 TEST_DONE(); 155 156 sshkey_free(k1); 157 158 TEST_START("parse DSA from private"); 159 buf = load_file("dsa_1"); 160 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 161 sshbuf_free(buf); 162 ASSERT_PTR_NE(k1, NULL); 163 a = load_bignum("dsa_1.param.g"); 164 b = load_bignum("dsa_1.param.priv"); 165 c = load_bignum("dsa_1.param.pub"); 166 ASSERT_BIGNUM_EQ(dsa_g(k1), a); 167 ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b); 168 ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c); 169 BN_free(a); 170 BN_free(b); 171 BN_free(c); 172 TEST_DONE(); 173 174 TEST_START("parse DSA from private w/ passphrase"); 175 buf = load_file("dsa_1_pw"); 176 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 177 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 178 sshbuf_free(buf); 179 ASSERT_PTR_NE(k2, NULL); 180 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 181 sshkey_free(k2); 182 TEST_DONE(); 183 184 TEST_START("parse DSA from new-format"); 185 buf = load_file("dsa_n"); 186 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 187 sshbuf_free(buf); 188 ASSERT_PTR_NE(k2, NULL); 189 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 190 sshkey_free(k2); 191 TEST_DONE(); 192 193 TEST_START("parse DSA from new-format w/ passphrase"); 194 buf = load_file("dsa_n_pw"); 195 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 196 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 197 sshbuf_free(buf); 198 ASSERT_PTR_NE(k2, NULL); 199 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 200 sshkey_free(k2); 201 TEST_DONE(); 202 203 TEST_START("load DSA from public"); 204 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 205 NULL), 0); 206 ASSERT_PTR_NE(k2, NULL); 207 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 208 sshkey_free(k2); 209 TEST_DONE(); 210 211 TEST_START("load DSA cert"); 212 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 213 ASSERT_PTR_NE(k2, NULL); 214 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 215 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 216 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 217 TEST_DONE(); 218 219 TEST_START("DSA key hex fingerprint"); 220 buf = load_text_file("dsa_1.fp"); 221 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 222 ASSERT_PTR_NE(cp, NULL); 223 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 224 sshbuf_free(buf); 225 free(cp); 226 TEST_DONE(); 227 228 TEST_START("DSA cert hex fingerprint"); 229 buf = load_text_file("dsa_1-cert.fp"); 230 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 231 ASSERT_PTR_NE(cp, NULL); 232 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 233 sshbuf_free(buf); 234 free(cp); 235 sshkey_free(k2); 236 TEST_DONE(); 237 238 TEST_START("DSA key bubblebabble fingerprint"); 239 buf = load_text_file("dsa_1.fp.bb"); 240 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 241 ASSERT_PTR_NE(cp, NULL); 242 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 243 sshbuf_free(buf); 244 free(cp); 245 TEST_DONE(); 246 247 sshkey_free(k1); 248 249 TEST_START("parse ECDSA from private"); 250 buf = load_file("ecdsa_1"); 251 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 252 sshbuf_free(buf); 253 ASSERT_PTR_NE(k1, NULL); 254 buf = load_text_file("ecdsa_1.param.curve"); 255 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 256 OBJ_nid2sn(k1->ecdsa_nid)); 257 sshbuf_free(buf); 258 a = load_bignum("ecdsa_1.param.priv"); 259 b = load_bignum("ecdsa_1.param.pub"); 260 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 261 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 262 NULL, NULL); 263 ASSERT_PTR_NE(c, NULL); 264 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 265 ASSERT_BIGNUM_EQ(b, c); 266 BN_free(a); 267 BN_free(b); 268 BN_free(c); 269 TEST_DONE(); 270 271 TEST_START("parse ECDSA from private w/ passphrase"); 272 buf = load_file("ecdsa_1_pw"); 273 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 274 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 275 sshbuf_free(buf); 276 ASSERT_PTR_NE(k2, NULL); 277 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 278 sshkey_free(k2); 279 TEST_DONE(); 280 281 TEST_START("parse ECDSA from new-format"); 282 buf = load_file("ecdsa_n"); 283 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 284 sshbuf_free(buf); 285 ASSERT_PTR_NE(k2, NULL); 286 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 287 sshkey_free(k2); 288 TEST_DONE(); 289 290 TEST_START("parse ECDSA from new-format w/ passphrase"); 291 buf = load_file("ecdsa_n_pw"); 292 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 293 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 294 sshbuf_free(buf); 295 ASSERT_PTR_NE(k2, NULL); 296 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 297 sshkey_free(k2); 298 TEST_DONE(); 299 300 TEST_START("load ECDSA from public"); 301 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 302 NULL), 0); 303 ASSERT_PTR_NE(k2, NULL); 304 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 305 sshkey_free(k2); 306 TEST_DONE(); 307 308 TEST_START("load ECDSA cert"); 309 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 310 ASSERT_PTR_NE(k2, NULL); 311 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 312 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 313 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 314 TEST_DONE(); 315 316 TEST_START("ECDSA key hex fingerprint"); 317 buf = load_text_file("ecdsa_1.fp"); 318 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 319 ASSERT_PTR_NE(cp, NULL); 320 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 321 sshbuf_free(buf); 322 free(cp); 323 TEST_DONE(); 324 325 TEST_START("ECDSA cert hex fingerprint"); 326 buf = load_text_file("ecdsa_1-cert.fp"); 327 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 328 ASSERT_PTR_NE(cp, NULL); 329 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 330 sshbuf_free(buf); 331 free(cp); 332 sshkey_free(k2); 333 TEST_DONE(); 334 335 TEST_START("ECDSA key bubblebabble fingerprint"); 336 buf = load_text_file("ecdsa_1.fp.bb"); 337 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 338 ASSERT_PTR_NE(cp, NULL); 339 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 340 sshbuf_free(buf); 341 free(cp); 342 TEST_DONE(); 343 344 sshkey_free(k1); 345 346 TEST_START("parse Ed25519 from private"); 347 buf = load_file("ed25519_1"); 348 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 349 sshbuf_free(buf); 350 ASSERT_PTR_NE(k1, NULL); 351 ASSERT_INT_EQ(k1->type, KEY_ED25519); 352 /* XXX check key contents */ 353 TEST_DONE(); 354 355 TEST_START("parse Ed25519 from private w/ passphrase"); 356 buf = load_file("ed25519_1_pw"); 357 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 358 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 359 sshbuf_free(buf); 360 ASSERT_PTR_NE(k2, NULL); 361 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 362 sshkey_free(k2); 363 TEST_DONE(); 364 365 TEST_START("load Ed25519 from public"); 366 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 367 NULL), 0); 368 ASSERT_PTR_NE(k2, NULL); 369 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 370 sshkey_free(k2); 371 TEST_DONE(); 372 373 TEST_START("load Ed25519 cert"); 374 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 375 ASSERT_PTR_NE(k2, NULL); 376 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 377 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 378 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 379 TEST_DONE(); 380 381 TEST_START("Ed25519 key hex fingerprint"); 382 buf = load_text_file("ed25519_1.fp"); 383 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 384 ASSERT_PTR_NE(cp, NULL); 385 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 386 sshbuf_free(buf); 387 free(cp); 388 TEST_DONE(); 389 390 TEST_START("Ed25519 cert hex fingerprint"); 391 buf = load_text_file("ed25519_1-cert.fp"); 392 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 393 ASSERT_PTR_NE(cp, NULL); 394 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 395 sshbuf_free(buf); 396 free(cp); 397 sshkey_free(k2); 398 TEST_DONE(); 399 400 TEST_START("Ed25519 key bubblebabble fingerprint"); 401 buf = load_text_file("ed25519_1.fp.bb"); 402 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 403 ASSERT_PTR_NE(cp, NULL); 404 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 405 sshbuf_free(buf); 406 free(cp); 407 TEST_DONE(); 408 409 sshkey_free(k1); 410 411 sshbuf_free(pw); 412 413 } 414