1 /* $OpenBSD: test_file.c,v 1.6 2017/04/30 23:33:48 djm Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include <sys/types.h> 9 #include <sys/param.h> 10 #include <sys/stat.h> 11 #include <fcntl.h> 12 #include <stdio.h> 13 #include <stdint.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <unistd.h> 17 18 #include <openssl/bn.h> 19 #include <openssl/ec.h> 20 #include <openssl/rsa.h> 21 #include <openssl/dsa.h> 22 #include <openssl/objects.h> 23 24 #include "test_helper.h" 25 26 #include "ssherr.h" 27 #include "authfile.h" 28 #include "sshkey.h" 29 #include "sshbuf.h" 30 #include "digest.h" 31 32 #include "common.h" 33 34 void sshkey_file_tests(void); 35 36 void 37 sshkey_file_tests(void) 38 { 39 struct sshkey *k1, *k2; 40 struct sshbuf *buf, *pw; 41 BIGNUM *a, *b, *c; 42 char *cp; 43 44 TEST_START("load passphrase"); 45 pw = load_text_file("pw"); 46 TEST_DONE(); 47 48 49 TEST_START("parse RSA from private"); 50 buf = load_file("rsa_1"); 51 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 52 sshbuf_free(buf); 53 ASSERT_PTR_NE(k1, NULL); 54 a = load_bignum("rsa_1.param.n"); 55 b = load_bignum("rsa_1.param.p"); 56 c = load_bignum("rsa_1.param.q"); 57 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 58 ASSERT_BIGNUM_EQ(k1->rsa->p, b); 59 ASSERT_BIGNUM_EQ(k1->rsa->q, c); 60 BN_free(a); 61 BN_free(b); 62 BN_free(c); 63 TEST_DONE(); 64 65 TEST_START("parse RSA from private w/ passphrase"); 66 buf = load_file("rsa_1_pw"); 67 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 68 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 69 sshbuf_free(buf); 70 ASSERT_PTR_NE(k2, NULL); 71 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 72 sshkey_free(k2); 73 TEST_DONE(); 74 75 TEST_START("parse RSA from new-format"); 76 buf = load_file("rsa_n"); 77 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 78 sshbuf_free(buf); 79 ASSERT_PTR_NE(k2, NULL); 80 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 81 sshkey_free(k2); 82 TEST_DONE(); 83 84 TEST_START("parse RSA from new-format w/ passphrase"); 85 buf = load_file("rsa_n_pw"); 86 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 87 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 88 sshbuf_free(buf); 89 ASSERT_PTR_NE(k2, NULL); 90 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 91 sshkey_free(k2); 92 TEST_DONE(); 93 94 TEST_START("load RSA from public"); 95 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 96 NULL), 0); 97 ASSERT_PTR_NE(k2, NULL); 98 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 99 sshkey_free(k2); 100 TEST_DONE(); 101 102 TEST_START("load RSA cert"); 103 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 104 ASSERT_PTR_NE(k2, NULL); 105 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 106 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 107 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 108 TEST_DONE(); 109 110 TEST_START("RSA key hex fingerprint"); 111 buf = load_text_file("rsa_1.fp"); 112 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 113 ASSERT_PTR_NE(cp, NULL); 114 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 115 sshbuf_free(buf); 116 free(cp); 117 TEST_DONE(); 118 119 TEST_START("RSA cert hex fingerprint"); 120 buf = load_text_file("rsa_1-cert.fp"); 121 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 122 ASSERT_PTR_NE(cp, NULL); 123 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 124 sshbuf_free(buf); 125 free(cp); 126 sshkey_free(k2); 127 TEST_DONE(); 128 129 TEST_START("RSA key bubblebabble fingerprint"); 130 buf = load_text_file("rsa_1.fp.bb"); 131 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 132 ASSERT_PTR_NE(cp, NULL); 133 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 134 sshbuf_free(buf); 135 free(cp); 136 TEST_DONE(); 137 138 sshkey_free(k1); 139 140 TEST_START("parse DSA from private"); 141 buf = load_file("dsa_1"); 142 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 143 sshbuf_free(buf); 144 ASSERT_PTR_NE(k1, NULL); 145 a = load_bignum("dsa_1.param.g"); 146 b = load_bignum("dsa_1.param.priv"); 147 c = load_bignum("dsa_1.param.pub"); 148 ASSERT_BIGNUM_EQ(k1->dsa->g, a); 149 ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); 150 ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); 151 BN_free(a); 152 BN_free(b); 153 BN_free(c); 154 TEST_DONE(); 155 156 TEST_START("parse DSA from private w/ passphrase"); 157 buf = load_file("dsa_1_pw"); 158 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 159 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 160 sshbuf_free(buf); 161 ASSERT_PTR_NE(k2, NULL); 162 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 163 sshkey_free(k2); 164 TEST_DONE(); 165 166 TEST_START("parse DSA from new-format"); 167 buf = load_file("dsa_n"); 168 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 169 sshbuf_free(buf); 170 ASSERT_PTR_NE(k2, NULL); 171 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 172 sshkey_free(k2); 173 TEST_DONE(); 174 175 TEST_START("parse DSA from new-format w/ passphrase"); 176 buf = load_file("dsa_n_pw"); 177 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 178 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 179 sshbuf_free(buf); 180 ASSERT_PTR_NE(k2, NULL); 181 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 182 sshkey_free(k2); 183 TEST_DONE(); 184 185 TEST_START("load DSA from public"); 186 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 187 NULL), 0); 188 ASSERT_PTR_NE(k2, NULL); 189 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 190 sshkey_free(k2); 191 TEST_DONE(); 192 193 TEST_START("load DSA cert"); 194 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 195 ASSERT_PTR_NE(k2, NULL); 196 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 197 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 198 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 199 TEST_DONE(); 200 201 TEST_START("DSA key hex fingerprint"); 202 buf = load_text_file("dsa_1.fp"); 203 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 204 ASSERT_PTR_NE(cp, NULL); 205 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 206 sshbuf_free(buf); 207 free(cp); 208 TEST_DONE(); 209 210 TEST_START("DSA cert hex fingerprint"); 211 buf = load_text_file("dsa_1-cert.fp"); 212 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 213 ASSERT_PTR_NE(cp, NULL); 214 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 215 sshbuf_free(buf); 216 free(cp); 217 sshkey_free(k2); 218 TEST_DONE(); 219 220 TEST_START("DSA key bubblebabble fingerprint"); 221 buf = load_text_file("dsa_1.fp.bb"); 222 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 223 ASSERT_PTR_NE(cp, NULL); 224 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 225 sshbuf_free(buf); 226 free(cp); 227 TEST_DONE(); 228 229 sshkey_free(k1); 230 231 TEST_START("parse ECDSA from private"); 232 buf = load_file("ecdsa_1"); 233 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 234 sshbuf_free(buf); 235 ASSERT_PTR_NE(k1, NULL); 236 buf = load_text_file("ecdsa_1.param.curve"); 237 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 238 OBJ_nid2sn(k1->ecdsa_nid)); 239 sshbuf_free(buf); 240 a = load_bignum("ecdsa_1.param.priv"); 241 b = load_bignum("ecdsa_1.param.pub"); 242 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 243 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 244 NULL, NULL); 245 ASSERT_PTR_NE(c, NULL); 246 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 247 ASSERT_BIGNUM_EQ(b, c); 248 BN_free(a); 249 BN_free(b); 250 BN_free(c); 251 TEST_DONE(); 252 253 TEST_START("parse ECDSA from private w/ passphrase"); 254 buf = load_file("ecdsa_1_pw"); 255 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 256 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 257 sshbuf_free(buf); 258 ASSERT_PTR_NE(k2, NULL); 259 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 260 sshkey_free(k2); 261 TEST_DONE(); 262 263 TEST_START("parse ECDSA from new-format"); 264 buf = load_file("ecdsa_n"); 265 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 266 sshbuf_free(buf); 267 ASSERT_PTR_NE(k2, NULL); 268 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 269 sshkey_free(k2); 270 TEST_DONE(); 271 272 TEST_START("parse ECDSA from new-format w/ passphrase"); 273 buf = load_file("ecdsa_n_pw"); 274 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 275 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 276 sshbuf_free(buf); 277 ASSERT_PTR_NE(k2, NULL); 278 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 279 sshkey_free(k2); 280 TEST_DONE(); 281 282 TEST_START("load ECDSA from public"); 283 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 284 NULL), 0); 285 ASSERT_PTR_NE(k2, NULL); 286 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 287 sshkey_free(k2); 288 TEST_DONE(); 289 290 TEST_START("load ECDSA cert"); 291 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 292 ASSERT_PTR_NE(k2, NULL); 293 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 294 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 295 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 296 TEST_DONE(); 297 298 TEST_START("ECDSA key hex fingerprint"); 299 buf = load_text_file("ecdsa_1.fp"); 300 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 301 ASSERT_PTR_NE(cp, NULL); 302 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 303 sshbuf_free(buf); 304 free(cp); 305 TEST_DONE(); 306 307 TEST_START("ECDSA cert hex fingerprint"); 308 buf = load_text_file("ecdsa_1-cert.fp"); 309 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 310 ASSERT_PTR_NE(cp, NULL); 311 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 312 sshbuf_free(buf); 313 free(cp); 314 sshkey_free(k2); 315 TEST_DONE(); 316 317 TEST_START("ECDSA key bubblebabble fingerprint"); 318 buf = load_text_file("ecdsa_1.fp.bb"); 319 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 320 ASSERT_PTR_NE(cp, NULL); 321 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 322 sshbuf_free(buf); 323 free(cp); 324 TEST_DONE(); 325 326 sshkey_free(k1); 327 328 TEST_START("parse Ed25519 from private"); 329 buf = load_file("ed25519_1"); 330 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 331 sshbuf_free(buf); 332 ASSERT_PTR_NE(k1, NULL); 333 ASSERT_INT_EQ(k1->type, KEY_ED25519); 334 /* XXX check key contents */ 335 TEST_DONE(); 336 337 TEST_START("parse Ed25519 from private w/ passphrase"); 338 buf = load_file("ed25519_1_pw"); 339 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 340 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 341 sshbuf_free(buf); 342 ASSERT_PTR_NE(k2, NULL); 343 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 344 sshkey_free(k2); 345 TEST_DONE(); 346 347 TEST_START("load Ed25519 from public"); 348 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 349 NULL), 0); 350 ASSERT_PTR_NE(k2, NULL); 351 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 352 sshkey_free(k2); 353 TEST_DONE(); 354 355 TEST_START("load Ed25519 cert"); 356 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 357 ASSERT_PTR_NE(k2, NULL); 358 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 359 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 360 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 361 TEST_DONE(); 362 363 TEST_START("Ed25519 key hex fingerprint"); 364 buf = load_text_file("ed25519_1.fp"); 365 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 366 ASSERT_PTR_NE(cp, NULL); 367 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 368 sshbuf_free(buf); 369 free(cp); 370 TEST_DONE(); 371 372 TEST_START("Ed25519 cert hex fingerprint"); 373 buf = load_text_file("ed25519_1-cert.fp"); 374 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 375 ASSERT_PTR_NE(cp, NULL); 376 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 377 sshbuf_free(buf); 378 free(cp); 379 sshkey_free(k2); 380 TEST_DONE(); 381 382 TEST_START("Ed25519 key bubblebabble fingerprint"); 383 buf = load_text_file("ed25519_1.fp.bb"); 384 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 385 ASSERT_PTR_NE(cp, NULL); 386 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 387 sshbuf_free(buf); 388 free(cp); 389 TEST_DONE(); 390 391 sshkey_free(k1); 392 393 sshbuf_free(pw); 394 395 } 396