1 /* $OpenBSD: test_file.c,v 1.1 2014/06/24 01:14:18 djm Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include "includes.h" 9 10 #include <sys/types.h> 11 #include <sys/param.h> 12 #include <sys/stat.h> 13 #include <fcntl.h> 14 #include <stdio.h> 15 #ifdef HAVE_STDINT_H 16 #include <stdint.h> 17 #endif 18 #include <stdlib.h> 19 #include <string.h> 20 #include <unistd.h> 21 22 #include <openssl/bn.h> 23 #include <openssl/rsa.h> 24 #include <openssl/dsa.h> 25 #include <openssl/objects.h> 26 #ifdef OPENSSL_HAS_NISTP256 27 # include <openssl/ec.h> 28 #endif 29 30 #include "../test_helper/test_helper.h" 31 32 #include "ssherr.h" 33 #include "authfile.h" 34 #include "sshkey.h" 35 #include "sshbuf.h" 36 37 #include "common.h" 38 39 void sshkey_file_tests(void); 40 41 void 42 sshkey_file_tests(void) 43 { 44 struct sshkey *k1, *k2; 45 struct sshbuf *buf, *pw; 46 BIGNUM *a, *b, *c; 47 char *cp; 48 49 TEST_START("load passphrase"); 50 pw = load_text_file("pw"); 51 TEST_DONE(); 52 53 TEST_START("parse RSA1 from private"); 54 buf = load_file("rsa1_1"); 55 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1", 56 &k1, NULL), 0); 57 sshbuf_free(buf); 58 ASSERT_PTR_NE(k1, NULL); 59 a = load_bignum("rsa1_1.param.n"); 60 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 61 BN_free(a); 62 TEST_DONE(); 63 64 TEST_START("parse RSA1 from private w/ passphrase"); 65 buf = load_file("rsa1_1_pw"); 66 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 67 (const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0); 68 sshbuf_free(buf); 69 ASSERT_PTR_NE(k2, NULL); 70 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 71 sshkey_free(k2); 72 TEST_DONE(); 73 74 TEST_START("load RSA1 from public"); 75 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2, 76 NULL), 0); 77 ASSERT_PTR_NE(k2, NULL); 78 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 79 sshkey_free(k2); 80 TEST_DONE(); 81 82 TEST_START("RSA1 key hex fingerprint"); 83 buf = load_text_file("rsa1_1.fp"); 84 cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX); 85 ASSERT_PTR_NE(cp, NULL); 86 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 87 sshbuf_free(buf); 88 free(cp); 89 TEST_DONE(); 90 91 TEST_START("RSA1 key bubblebabble fingerprint"); 92 buf = load_text_file("rsa1_1.fp.bb"); 93 cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE); 94 ASSERT_PTR_NE(cp, NULL); 95 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 96 sshbuf_free(buf); 97 free(cp); 98 TEST_DONE(); 99 100 sshkey_free(k1); 101 102 TEST_START("parse RSA from private"); 103 buf = load_file("rsa_1"); 104 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1", 105 &k1, NULL), 0); 106 sshbuf_free(buf); 107 ASSERT_PTR_NE(k1, NULL); 108 a = load_bignum("rsa_1.param.n"); 109 b = load_bignum("rsa_1.param.p"); 110 c = load_bignum("rsa_1.param.q"); 111 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 112 ASSERT_BIGNUM_EQ(k1->rsa->p, b); 113 ASSERT_BIGNUM_EQ(k1->rsa->q, c); 114 BN_free(a); 115 BN_free(b); 116 BN_free(c); 117 TEST_DONE(); 118 119 TEST_START("parse RSA from private w/ passphrase"); 120 buf = load_file("rsa_1_pw"); 121 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 122 (const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0); 123 sshbuf_free(buf); 124 ASSERT_PTR_NE(k2, NULL); 125 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 126 sshkey_free(k2); 127 TEST_DONE(); 128 129 TEST_START("parse RSA from new-format"); 130 buf = load_file("rsa_n"); 131 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 132 "", "rsa_n", &k2, NULL), 0); 133 sshbuf_free(buf); 134 ASSERT_PTR_NE(k2, NULL); 135 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 136 sshkey_free(k2); 137 TEST_DONE(); 138 139 TEST_START("parse RSA from new-format w/ passphrase"); 140 buf = load_file("rsa_n_pw"); 141 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 142 (const char *)sshbuf_ptr(pw), "rsa_n_pw", &k2, NULL), 0); 143 sshbuf_free(buf); 144 ASSERT_PTR_NE(k2, NULL); 145 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 146 sshkey_free(k2); 147 TEST_DONE(); 148 149 TEST_START("load RSA from public"); 150 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 151 NULL), 0); 152 ASSERT_PTR_NE(k2, NULL); 153 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 154 sshkey_free(k2); 155 TEST_DONE(); 156 157 TEST_START("load RSA cert"); 158 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 159 ASSERT_PTR_NE(k2, NULL); 160 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 161 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 162 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 163 TEST_DONE(); 164 165 TEST_START("RSA key hex fingerprint"); 166 buf = load_text_file("rsa_1.fp"); 167 cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX); 168 ASSERT_PTR_NE(cp, NULL); 169 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 170 sshbuf_free(buf); 171 free(cp); 172 TEST_DONE(); 173 174 TEST_START("RSA cert hex fingerprint"); 175 buf = load_text_file("rsa_1-cert.fp"); 176 cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX); 177 ASSERT_PTR_NE(cp, NULL); 178 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 179 sshbuf_free(buf); 180 free(cp); 181 sshkey_free(k2); 182 TEST_DONE(); 183 184 TEST_START("RSA key bubblebabble fingerprint"); 185 buf = load_text_file("rsa_1.fp.bb"); 186 cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE); 187 ASSERT_PTR_NE(cp, NULL); 188 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 189 sshbuf_free(buf); 190 free(cp); 191 TEST_DONE(); 192 193 sshkey_free(k1); 194 195 TEST_START("parse DSA from private"); 196 buf = load_file("dsa_1"); 197 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "dsa_1", 198 &k1, NULL), 0); 199 sshbuf_free(buf); 200 ASSERT_PTR_NE(k1, NULL); 201 a = load_bignum("dsa_1.param.g"); 202 b = load_bignum("dsa_1.param.priv"); 203 c = load_bignum("dsa_1.param.pub"); 204 ASSERT_BIGNUM_EQ(k1->dsa->g, a); 205 ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); 206 ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); 207 BN_free(a); 208 BN_free(b); 209 BN_free(c); 210 TEST_DONE(); 211 212 TEST_START("parse DSA from private w/ passphrase"); 213 buf = load_file("dsa_1_pw"); 214 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 215 (const char *)sshbuf_ptr(pw), "dsa_1_pw", &k2, NULL), 0); 216 sshbuf_free(buf); 217 ASSERT_PTR_NE(k2, NULL); 218 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 219 sshkey_free(k2); 220 TEST_DONE(); 221 222 TEST_START("parse DSA from new-format"); 223 buf = load_file("dsa_n"); 224 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 225 "", "dsa_n", &k2, NULL), 0); 226 sshbuf_free(buf); 227 ASSERT_PTR_NE(k2, NULL); 228 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 229 sshkey_free(k2); 230 TEST_DONE(); 231 232 TEST_START("parse DSA from new-format w/ passphrase"); 233 buf = load_file("dsa_n_pw"); 234 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 235 (const char *)sshbuf_ptr(pw), "dsa_n_pw", &k2, NULL), 0); 236 sshbuf_free(buf); 237 ASSERT_PTR_NE(k2, NULL); 238 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 239 sshkey_free(k2); 240 TEST_DONE(); 241 242 TEST_START("load DSA from public"); 243 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 244 NULL), 0); 245 ASSERT_PTR_NE(k2, NULL); 246 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 247 sshkey_free(k2); 248 TEST_DONE(); 249 250 TEST_START("load DSA cert"); 251 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 252 ASSERT_PTR_NE(k2, NULL); 253 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 254 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 255 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 256 TEST_DONE(); 257 258 TEST_START("DSA key hex fingerprint"); 259 buf = load_text_file("dsa_1.fp"); 260 cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX); 261 ASSERT_PTR_NE(cp, NULL); 262 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 263 sshbuf_free(buf); 264 free(cp); 265 TEST_DONE(); 266 267 TEST_START("DSA cert hex fingerprint"); 268 buf = load_text_file("dsa_1-cert.fp"); 269 cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX); 270 ASSERT_PTR_NE(cp, NULL); 271 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 272 sshbuf_free(buf); 273 free(cp); 274 sshkey_free(k2); 275 TEST_DONE(); 276 277 TEST_START("DSA key bubblebabble fingerprint"); 278 buf = load_text_file("dsa_1.fp.bb"); 279 cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE); 280 ASSERT_PTR_NE(cp, NULL); 281 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 282 sshbuf_free(buf); 283 free(cp); 284 TEST_DONE(); 285 286 sshkey_free(k1); 287 288 #ifdef OPENSSL_HAS_ECC 289 TEST_START("parse ECDSA from private"); 290 buf = load_file("ecdsa_1"); 291 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ecdsa_1", 292 &k1, NULL), 0); 293 sshbuf_free(buf); 294 ASSERT_PTR_NE(k1, NULL); 295 buf = load_text_file("ecdsa_1.param.curve"); 296 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 297 OBJ_nid2sn(k1->ecdsa_nid)); 298 sshbuf_free(buf); 299 a = load_bignum("ecdsa_1.param.priv"); 300 b = load_bignum("ecdsa_1.param.pub"); 301 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 302 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 303 NULL, NULL); 304 ASSERT_PTR_NE(c, NULL); 305 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 306 ASSERT_BIGNUM_EQ(b, c); 307 BN_free(a); 308 BN_free(b); 309 BN_free(c); 310 TEST_DONE(); 311 312 TEST_START("parse ECDSA from private w/ passphrase"); 313 buf = load_file("ecdsa_1_pw"); 314 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 315 (const char *)sshbuf_ptr(pw), "ecdsa_1_pw", &k2, NULL), 0); 316 sshbuf_free(buf); 317 ASSERT_PTR_NE(k2, NULL); 318 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 319 sshkey_free(k2); 320 TEST_DONE(); 321 322 TEST_START("parse ECDSA from new-format"); 323 buf = load_file("ecdsa_n"); 324 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 325 "", "ecdsa_n", &k2, NULL), 0); 326 sshbuf_free(buf); 327 ASSERT_PTR_NE(k2, NULL); 328 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 329 sshkey_free(k2); 330 TEST_DONE(); 331 332 TEST_START("parse ECDSA from new-format w/ passphrase"); 333 buf = load_file("ecdsa_n_pw"); 334 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 335 (const char *)sshbuf_ptr(pw), "ecdsa_n_pw", &k2, NULL), 0); 336 sshbuf_free(buf); 337 ASSERT_PTR_NE(k2, NULL); 338 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 339 sshkey_free(k2); 340 TEST_DONE(); 341 342 TEST_START("load ECDSA from public"); 343 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 344 NULL), 0); 345 ASSERT_PTR_NE(k2, NULL); 346 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 347 sshkey_free(k2); 348 TEST_DONE(); 349 350 TEST_START("load ECDSA cert"); 351 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 352 ASSERT_PTR_NE(k2, NULL); 353 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 354 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 355 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 356 TEST_DONE(); 357 358 TEST_START("ECDSA key hex fingerprint"); 359 buf = load_text_file("ecdsa_1.fp"); 360 cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX); 361 ASSERT_PTR_NE(cp, NULL); 362 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 363 sshbuf_free(buf); 364 free(cp); 365 TEST_DONE(); 366 367 TEST_START("ECDSA cert hex fingerprint"); 368 buf = load_text_file("ecdsa_1-cert.fp"); 369 cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX); 370 ASSERT_PTR_NE(cp, NULL); 371 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 372 sshbuf_free(buf); 373 free(cp); 374 sshkey_free(k2); 375 TEST_DONE(); 376 377 TEST_START("ECDSA key bubblebabble fingerprint"); 378 buf = load_text_file("ecdsa_1.fp.bb"); 379 cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE); 380 ASSERT_PTR_NE(cp, NULL); 381 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 382 sshbuf_free(buf); 383 free(cp); 384 TEST_DONE(); 385 386 sshkey_free(k1); 387 #endif /* OPENSSL_HAS_ECC */ 388 389 TEST_START("parse Ed25519 from private"); 390 buf = load_file("ed25519_1"); 391 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ed25519_1", 392 &k1, NULL), 0); 393 sshbuf_free(buf); 394 ASSERT_PTR_NE(k1, NULL); 395 ASSERT_INT_EQ(k1->type, KEY_ED25519); 396 /* XXX check key contents */ 397 TEST_DONE(); 398 399 TEST_START("parse Ed25519 from private w/ passphrase"); 400 buf = load_file("ed25519_1_pw"); 401 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 402 (const char *)sshbuf_ptr(pw), "ed25519_1_pw", &k2, NULL), 0); 403 sshbuf_free(buf); 404 ASSERT_PTR_NE(k2, NULL); 405 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 406 sshkey_free(k2); 407 TEST_DONE(); 408 409 TEST_START("load Ed25519 from public"); 410 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 411 NULL), 0); 412 ASSERT_PTR_NE(k2, NULL); 413 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 414 sshkey_free(k2); 415 TEST_DONE(); 416 417 TEST_START("load Ed25519 cert"); 418 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 419 ASSERT_PTR_NE(k2, NULL); 420 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 421 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 422 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 423 TEST_DONE(); 424 425 TEST_START("Ed25519 key hex fingerprint"); 426 buf = load_text_file("ed25519_1.fp"); 427 cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX); 428 ASSERT_PTR_NE(cp, NULL); 429 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 430 sshbuf_free(buf); 431 free(cp); 432 TEST_DONE(); 433 434 TEST_START("Ed25519 cert hex fingerprint"); 435 buf = load_text_file("ed25519_1-cert.fp"); 436 cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX); 437 ASSERT_PTR_NE(cp, NULL); 438 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 439 sshbuf_free(buf); 440 free(cp); 441 sshkey_free(k2); 442 TEST_DONE(); 443 444 TEST_START("Ed25519 key bubblebabble fingerprint"); 445 buf = load_text_file("ed25519_1.fp.bb"); 446 cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE); 447 ASSERT_PTR_NE(cp, NULL); 448 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 449 sshbuf_free(buf); 450 free(cp); 451 TEST_DONE(); 452 453 sshkey_free(k1); 454 455 sshbuf_free(pw); 456 457 } 458