1 /* $OpenBSD: test_file.c,v 1.5 2015/10/06 01:20:59 djm Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include <sys/types.h> 9 #include <sys/param.h> 10 #include <sys/stat.h> 11 #include <fcntl.h> 12 #include <stdio.h> 13 #include <stdint.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <unistd.h> 17 18 #include <openssl/bn.h> 19 #include <openssl/ec.h> 20 #include <openssl/rsa.h> 21 #include <openssl/dsa.h> 22 #include <openssl/objects.h> 23 24 #include "test_helper.h" 25 26 #include "ssherr.h" 27 #include "authfile.h" 28 #include "sshkey.h" 29 #include "sshbuf.h" 30 #include "digest.h" 31 32 #include "common.h" 33 34 void sshkey_file_tests(void); 35 36 void 37 sshkey_file_tests(void) 38 { 39 struct sshkey *k1, *k2; 40 struct sshbuf *buf, *pw; 41 BIGNUM *a, *b, *c; 42 char *cp; 43 44 TEST_START("load passphrase"); 45 pw = load_text_file("pw"); 46 TEST_DONE(); 47 48 #ifdef WITH_SSH1 49 TEST_START("parse RSA1 from private"); 50 buf = load_file("rsa1_1"); 51 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 52 sshbuf_free(buf); 53 ASSERT_PTR_NE(k1, NULL); 54 a = load_bignum("rsa1_1.param.n"); 55 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 56 BN_free(a); 57 TEST_DONE(); 58 59 TEST_START("parse RSA1 from private w/ passphrase"); 60 buf = load_file("rsa1_1_pw"); 61 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 62 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 63 sshbuf_free(buf); 64 ASSERT_PTR_NE(k2, NULL); 65 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 66 sshkey_free(k2); 67 TEST_DONE(); 68 69 TEST_START("load RSA1 from public"); 70 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2, 71 NULL), 0); 72 ASSERT_PTR_NE(k2, NULL); 73 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 74 sshkey_free(k2); 75 TEST_DONE(); 76 77 TEST_START("RSA1 key hex fingerprint"); 78 buf = load_text_file("rsa1_1.fp"); 79 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 80 ASSERT_PTR_NE(cp, NULL); 81 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 82 sshbuf_free(buf); 83 free(cp); 84 TEST_DONE(); 85 86 TEST_START("RSA1 key bubblebabble fingerprint"); 87 buf = load_text_file("rsa1_1.fp.bb"); 88 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 89 ASSERT_PTR_NE(cp, NULL); 90 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 91 sshbuf_free(buf); 92 free(cp); 93 TEST_DONE(); 94 95 sshkey_free(k1); 96 #endif 97 98 TEST_START("parse RSA from private"); 99 buf = load_file("rsa_1"); 100 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 101 sshbuf_free(buf); 102 ASSERT_PTR_NE(k1, NULL); 103 a = load_bignum("rsa_1.param.n"); 104 b = load_bignum("rsa_1.param.p"); 105 c = load_bignum("rsa_1.param.q"); 106 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 107 ASSERT_BIGNUM_EQ(k1->rsa->p, b); 108 ASSERT_BIGNUM_EQ(k1->rsa->q, c); 109 BN_free(a); 110 BN_free(b); 111 BN_free(c); 112 TEST_DONE(); 113 114 TEST_START("parse RSA from private w/ passphrase"); 115 buf = load_file("rsa_1_pw"); 116 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 117 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 118 sshbuf_free(buf); 119 ASSERT_PTR_NE(k2, NULL); 120 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 121 sshkey_free(k2); 122 TEST_DONE(); 123 124 TEST_START("parse RSA from new-format"); 125 buf = load_file("rsa_n"); 126 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 127 sshbuf_free(buf); 128 ASSERT_PTR_NE(k2, NULL); 129 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 130 sshkey_free(k2); 131 TEST_DONE(); 132 133 TEST_START("parse RSA from new-format w/ passphrase"); 134 buf = load_file("rsa_n_pw"); 135 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 136 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 137 sshbuf_free(buf); 138 ASSERT_PTR_NE(k2, NULL); 139 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 140 sshkey_free(k2); 141 TEST_DONE(); 142 143 TEST_START("load RSA from public"); 144 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 145 NULL), 0); 146 ASSERT_PTR_NE(k2, NULL); 147 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 148 sshkey_free(k2); 149 TEST_DONE(); 150 151 TEST_START("load RSA cert"); 152 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 153 ASSERT_PTR_NE(k2, NULL); 154 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 155 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 156 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 157 TEST_DONE(); 158 159 TEST_START("RSA key hex fingerprint"); 160 buf = load_text_file("rsa_1.fp"); 161 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 162 ASSERT_PTR_NE(cp, NULL); 163 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 164 sshbuf_free(buf); 165 free(cp); 166 TEST_DONE(); 167 168 TEST_START("RSA cert hex fingerprint"); 169 buf = load_text_file("rsa_1-cert.fp"); 170 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 171 ASSERT_PTR_NE(cp, NULL); 172 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 173 sshbuf_free(buf); 174 free(cp); 175 sshkey_free(k2); 176 TEST_DONE(); 177 178 TEST_START("RSA key bubblebabble fingerprint"); 179 buf = load_text_file("rsa_1.fp.bb"); 180 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 181 ASSERT_PTR_NE(cp, NULL); 182 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 183 sshbuf_free(buf); 184 free(cp); 185 TEST_DONE(); 186 187 sshkey_free(k1); 188 189 TEST_START("parse DSA from private"); 190 buf = load_file("dsa_1"); 191 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 192 sshbuf_free(buf); 193 ASSERT_PTR_NE(k1, NULL); 194 a = load_bignum("dsa_1.param.g"); 195 b = load_bignum("dsa_1.param.priv"); 196 c = load_bignum("dsa_1.param.pub"); 197 ASSERT_BIGNUM_EQ(k1->dsa->g, a); 198 ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); 199 ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); 200 BN_free(a); 201 BN_free(b); 202 BN_free(c); 203 TEST_DONE(); 204 205 TEST_START("parse DSA from private w/ passphrase"); 206 buf = load_file("dsa_1_pw"); 207 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 208 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 209 sshbuf_free(buf); 210 ASSERT_PTR_NE(k2, NULL); 211 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 212 sshkey_free(k2); 213 TEST_DONE(); 214 215 TEST_START("parse DSA from new-format"); 216 buf = load_file("dsa_n"); 217 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 218 sshbuf_free(buf); 219 ASSERT_PTR_NE(k2, NULL); 220 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 221 sshkey_free(k2); 222 TEST_DONE(); 223 224 TEST_START("parse DSA from new-format w/ passphrase"); 225 buf = load_file("dsa_n_pw"); 226 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 227 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 228 sshbuf_free(buf); 229 ASSERT_PTR_NE(k2, NULL); 230 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 231 sshkey_free(k2); 232 TEST_DONE(); 233 234 TEST_START("load DSA from public"); 235 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 236 NULL), 0); 237 ASSERT_PTR_NE(k2, NULL); 238 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 239 sshkey_free(k2); 240 TEST_DONE(); 241 242 TEST_START("load DSA cert"); 243 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 244 ASSERT_PTR_NE(k2, NULL); 245 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 246 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 247 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 248 TEST_DONE(); 249 250 TEST_START("DSA key hex fingerprint"); 251 buf = load_text_file("dsa_1.fp"); 252 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 253 ASSERT_PTR_NE(cp, NULL); 254 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 255 sshbuf_free(buf); 256 free(cp); 257 TEST_DONE(); 258 259 TEST_START("DSA cert hex fingerprint"); 260 buf = load_text_file("dsa_1-cert.fp"); 261 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 262 ASSERT_PTR_NE(cp, NULL); 263 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 264 sshbuf_free(buf); 265 free(cp); 266 sshkey_free(k2); 267 TEST_DONE(); 268 269 TEST_START("DSA key bubblebabble fingerprint"); 270 buf = load_text_file("dsa_1.fp.bb"); 271 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 272 ASSERT_PTR_NE(cp, NULL); 273 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 274 sshbuf_free(buf); 275 free(cp); 276 TEST_DONE(); 277 278 sshkey_free(k1); 279 280 TEST_START("parse ECDSA from private"); 281 buf = load_file("ecdsa_1"); 282 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 283 sshbuf_free(buf); 284 ASSERT_PTR_NE(k1, NULL); 285 buf = load_text_file("ecdsa_1.param.curve"); 286 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 287 OBJ_nid2sn(k1->ecdsa_nid)); 288 sshbuf_free(buf); 289 a = load_bignum("ecdsa_1.param.priv"); 290 b = load_bignum("ecdsa_1.param.pub"); 291 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 292 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 293 NULL, NULL); 294 ASSERT_PTR_NE(c, NULL); 295 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 296 ASSERT_BIGNUM_EQ(b, c); 297 BN_free(a); 298 BN_free(b); 299 BN_free(c); 300 TEST_DONE(); 301 302 TEST_START("parse ECDSA from private w/ passphrase"); 303 buf = load_file("ecdsa_1_pw"); 304 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 305 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 306 sshbuf_free(buf); 307 ASSERT_PTR_NE(k2, NULL); 308 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 309 sshkey_free(k2); 310 TEST_DONE(); 311 312 TEST_START("parse ECDSA from new-format"); 313 buf = load_file("ecdsa_n"); 314 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 315 sshbuf_free(buf); 316 ASSERT_PTR_NE(k2, NULL); 317 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 318 sshkey_free(k2); 319 TEST_DONE(); 320 321 TEST_START("parse ECDSA from new-format w/ passphrase"); 322 buf = load_file("ecdsa_n_pw"); 323 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 324 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 325 sshbuf_free(buf); 326 ASSERT_PTR_NE(k2, NULL); 327 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 328 sshkey_free(k2); 329 TEST_DONE(); 330 331 TEST_START("load ECDSA from public"); 332 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 333 NULL), 0); 334 ASSERT_PTR_NE(k2, NULL); 335 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 336 sshkey_free(k2); 337 TEST_DONE(); 338 339 TEST_START("load ECDSA cert"); 340 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 341 ASSERT_PTR_NE(k2, NULL); 342 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 343 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 344 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 345 TEST_DONE(); 346 347 TEST_START("ECDSA key hex fingerprint"); 348 buf = load_text_file("ecdsa_1.fp"); 349 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 350 ASSERT_PTR_NE(cp, NULL); 351 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 352 sshbuf_free(buf); 353 free(cp); 354 TEST_DONE(); 355 356 TEST_START("ECDSA cert hex fingerprint"); 357 buf = load_text_file("ecdsa_1-cert.fp"); 358 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 359 ASSERT_PTR_NE(cp, NULL); 360 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 361 sshbuf_free(buf); 362 free(cp); 363 sshkey_free(k2); 364 TEST_DONE(); 365 366 TEST_START("ECDSA key bubblebabble fingerprint"); 367 buf = load_text_file("ecdsa_1.fp.bb"); 368 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 369 ASSERT_PTR_NE(cp, NULL); 370 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 371 sshbuf_free(buf); 372 free(cp); 373 TEST_DONE(); 374 375 sshkey_free(k1); 376 377 TEST_START("parse Ed25519 from private"); 378 buf = load_file("ed25519_1"); 379 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 380 sshbuf_free(buf); 381 ASSERT_PTR_NE(k1, NULL); 382 ASSERT_INT_EQ(k1->type, KEY_ED25519); 383 /* XXX check key contents */ 384 TEST_DONE(); 385 386 TEST_START("parse Ed25519 from private w/ passphrase"); 387 buf = load_file("ed25519_1_pw"); 388 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 389 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 390 sshbuf_free(buf); 391 ASSERT_PTR_NE(k2, NULL); 392 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 393 sshkey_free(k2); 394 TEST_DONE(); 395 396 TEST_START("load Ed25519 from public"); 397 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 398 NULL), 0); 399 ASSERT_PTR_NE(k2, NULL); 400 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 401 sshkey_free(k2); 402 TEST_DONE(); 403 404 TEST_START("load Ed25519 cert"); 405 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 406 ASSERT_PTR_NE(k2, NULL); 407 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 408 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 409 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 410 TEST_DONE(); 411 412 TEST_START("Ed25519 key hex fingerprint"); 413 buf = load_text_file("ed25519_1.fp"); 414 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 415 ASSERT_PTR_NE(cp, NULL); 416 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 417 sshbuf_free(buf); 418 free(cp); 419 TEST_DONE(); 420 421 TEST_START("Ed25519 cert hex fingerprint"); 422 buf = load_text_file("ed25519_1-cert.fp"); 423 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 424 ASSERT_PTR_NE(cp, NULL); 425 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 426 sshbuf_free(buf); 427 free(cp); 428 sshkey_free(k2); 429 TEST_DONE(); 430 431 TEST_START("Ed25519 key bubblebabble fingerprint"); 432 buf = load_text_file("ed25519_1.fp.bb"); 433 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 434 ASSERT_PTR_NE(cp, NULL); 435 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 436 sshbuf_free(buf); 437 free(cp); 438 TEST_DONE(); 439 440 sshkey_free(k1); 441 442 sshbuf_free(pw); 443 444 } 445