1 /* $OpenBSD: test_file.c,v 1.3 2015/03/04 23:22:35 djm Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include <sys/types.h> 9 #include <sys/param.h> 10 #include <sys/stat.h> 11 #include <fcntl.h> 12 #include <stdio.h> 13 #include <stdint.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <unistd.h> 17 18 #include <openssl/bn.h> 19 #include <openssl/ec.h> 20 #include <openssl/rsa.h> 21 #include <openssl/dsa.h> 22 #include <openssl/objects.h> 23 24 #include "test_helper.h" 25 26 #include "ssherr.h" 27 #include "authfile.h" 28 #include "sshkey.h" 29 #include "sshbuf.h" 30 #include "digest.h" 31 32 #include "common.h" 33 34 void sshkey_file_tests(void); 35 36 void 37 sshkey_file_tests(void) 38 { 39 struct sshkey *k1, *k2; 40 struct sshbuf *buf, *pw; 41 BIGNUM *a, *b, *c; 42 char *cp; 43 44 TEST_START("load passphrase"); 45 pw = load_text_file("pw"); 46 TEST_DONE(); 47 48 #ifdef WITH_SSH1 49 TEST_START("parse RSA1 from private"); 50 buf = load_file("rsa1_1"); 51 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1", 52 &k1, NULL), 0); 53 sshbuf_free(buf); 54 ASSERT_PTR_NE(k1, NULL); 55 a = load_bignum("rsa1_1.param.n"); 56 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 57 BN_free(a); 58 TEST_DONE(); 59 60 TEST_START("parse RSA1 from private w/ passphrase"); 61 buf = load_file("rsa1_1_pw"); 62 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 63 (const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0); 64 sshbuf_free(buf); 65 ASSERT_PTR_NE(k2, NULL); 66 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 67 sshkey_free(k2); 68 TEST_DONE(); 69 70 TEST_START("load RSA1 from public"); 71 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2, 72 NULL), 0); 73 ASSERT_PTR_NE(k2, NULL); 74 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 75 sshkey_free(k2); 76 TEST_DONE(); 77 78 TEST_START("RSA1 key hex fingerprint"); 79 buf = load_text_file("rsa1_1.fp"); 80 cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX); 81 ASSERT_PTR_NE(cp, NULL); 82 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 83 sshbuf_free(buf); 84 free(cp); 85 TEST_DONE(); 86 87 TEST_START("RSA1 key bubblebabble fingerprint"); 88 buf = load_text_file("rsa1_1.fp.bb"); 89 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 90 ASSERT_PTR_NE(cp, NULL); 91 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 92 sshbuf_free(buf); 93 free(cp); 94 TEST_DONE(); 95 96 sshkey_free(k1); 97 #endif 98 99 TEST_START("parse RSA from private"); 100 buf = load_file("rsa_1"); 101 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1", 102 &k1, NULL), 0); 103 sshbuf_free(buf); 104 ASSERT_PTR_NE(k1, NULL); 105 a = load_bignum("rsa_1.param.n"); 106 b = load_bignum("rsa_1.param.p"); 107 c = load_bignum("rsa_1.param.q"); 108 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 109 ASSERT_BIGNUM_EQ(k1->rsa->p, b); 110 ASSERT_BIGNUM_EQ(k1->rsa->q, c); 111 BN_free(a); 112 BN_free(b); 113 BN_free(c); 114 TEST_DONE(); 115 116 TEST_START("parse RSA from private w/ passphrase"); 117 buf = load_file("rsa_1_pw"); 118 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 119 (const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0); 120 sshbuf_free(buf); 121 ASSERT_PTR_NE(k2, NULL); 122 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 123 sshkey_free(k2); 124 TEST_DONE(); 125 126 TEST_START("parse RSA from new-format"); 127 buf = load_file("rsa_n"); 128 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 129 "", "rsa_n", &k2, NULL), 0); 130 sshbuf_free(buf); 131 ASSERT_PTR_NE(k2, NULL); 132 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 133 sshkey_free(k2); 134 TEST_DONE(); 135 136 TEST_START("parse RSA from new-format w/ passphrase"); 137 buf = load_file("rsa_n_pw"); 138 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 139 (const char *)sshbuf_ptr(pw), "rsa_n_pw", &k2, NULL), 0); 140 sshbuf_free(buf); 141 ASSERT_PTR_NE(k2, NULL); 142 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 143 sshkey_free(k2); 144 TEST_DONE(); 145 146 TEST_START("load RSA from public"); 147 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 148 NULL), 0); 149 ASSERT_PTR_NE(k2, NULL); 150 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 151 sshkey_free(k2); 152 TEST_DONE(); 153 154 TEST_START("load RSA cert"); 155 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 156 ASSERT_PTR_NE(k2, NULL); 157 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 158 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 159 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 160 TEST_DONE(); 161 162 TEST_START("RSA key hex fingerprint"); 163 buf = load_text_file("rsa_1.fp"); 164 cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX); 165 ASSERT_PTR_NE(cp, NULL); 166 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 167 sshbuf_free(buf); 168 free(cp); 169 TEST_DONE(); 170 171 TEST_START("RSA cert hex fingerprint"); 172 buf = load_text_file("rsa_1-cert.fp"); 173 cp = sshkey_fingerprint(k2, SSH_DIGEST_MD5, SSH_FP_HEX); 174 ASSERT_PTR_NE(cp, NULL); 175 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 176 sshbuf_free(buf); 177 free(cp); 178 sshkey_free(k2); 179 TEST_DONE(); 180 181 TEST_START("RSA key bubblebabble fingerprint"); 182 buf = load_text_file("rsa_1.fp.bb"); 183 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 184 ASSERT_PTR_NE(cp, NULL); 185 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 186 sshbuf_free(buf); 187 free(cp); 188 TEST_DONE(); 189 190 sshkey_free(k1); 191 192 TEST_START("parse DSA from private"); 193 buf = load_file("dsa_1"); 194 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "dsa_1", 195 &k1, NULL), 0); 196 sshbuf_free(buf); 197 ASSERT_PTR_NE(k1, NULL); 198 a = load_bignum("dsa_1.param.g"); 199 b = load_bignum("dsa_1.param.priv"); 200 c = load_bignum("dsa_1.param.pub"); 201 ASSERT_BIGNUM_EQ(k1->dsa->g, a); 202 ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); 203 ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); 204 BN_free(a); 205 BN_free(b); 206 BN_free(c); 207 TEST_DONE(); 208 209 TEST_START("parse DSA from private w/ passphrase"); 210 buf = load_file("dsa_1_pw"); 211 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 212 (const char *)sshbuf_ptr(pw), "dsa_1_pw", &k2, NULL), 0); 213 sshbuf_free(buf); 214 ASSERT_PTR_NE(k2, NULL); 215 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 216 sshkey_free(k2); 217 TEST_DONE(); 218 219 TEST_START("parse DSA from new-format"); 220 buf = load_file("dsa_n"); 221 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 222 "", "dsa_n", &k2, NULL), 0); 223 sshbuf_free(buf); 224 ASSERT_PTR_NE(k2, NULL); 225 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 226 sshkey_free(k2); 227 TEST_DONE(); 228 229 TEST_START("parse DSA from new-format w/ passphrase"); 230 buf = load_file("dsa_n_pw"); 231 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 232 (const char *)sshbuf_ptr(pw), "dsa_n_pw", &k2, NULL), 0); 233 sshbuf_free(buf); 234 ASSERT_PTR_NE(k2, NULL); 235 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 236 sshkey_free(k2); 237 TEST_DONE(); 238 239 TEST_START("load DSA from public"); 240 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 241 NULL), 0); 242 ASSERT_PTR_NE(k2, NULL); 243 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 244 sshkey_free(k2); 245 TEST_DONE(); 246 247 TEST_START("load DSA cert"); 248 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 249 ASSERT_PTR_NE(k2, NULL); 250 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 251 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 252 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 253 TEST_DONE(); 254 255 TEST_START("DSA key hex fingerprint"); 256 buf = load_text_file("dsa_1.fp"); 257 cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX); 258 ASSERT_PTR_NE(cp, NULL); 259 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 260 sshbuf_free(buf); 261 free(cp); 262 TEST_DONE(); 263 264 TEST_START("DSA cert hex fingerprint"); 265 buf = load_text_file("dsa_1-cert.fp"); 266 cp = sshkey_fingerprint(k2, SSH_DIGEST_MD5, SSH_FP_HEX); 267 ASSERT_PTR_NE(cp, NULL); 268 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 269 sshbuf_free(buf); 270 free(cp); 271 sshkey_free(k2); 272 TEST_DONE(); 273 274 TEST_START("DSA key bubblebabble fingerprint"); 275 buf = load_text_file("dsa_1.fp.bb"); 276 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 277 ASSERT_PTR_NE(cp, NULL); 278 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 279 sshbuf_free(buf); 280 free(cp); 281 TEST_DONE(); 282 283 sshkey_free(k1); 284 285 TEST_START("parse ECDSA from private"); 286 buf = load_file("ecdsa_1"); 287 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ecdsa_1", 288 &k1, NULL), 0); 289 sshbuf_free(buf); 290 ASSERT_PTR_NE(k1, NULL); 291 buf = load_text_file("ecdsa_1.param.curve"); 292 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 293 OBJ_nid2sn(k1->ecdsa_nid)); 294 sshbuf_free(buf); 295 a = load_bignum("ecdsa_1.param.priv"); 296 b = load_bignum("ecdsa_1.param.pub"); 297 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 298 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 299 NULL, NULL); 300 ASSERT_PTR_NE(c, NULL); 301 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 302 ASSERT_BIGNUM_EQ(b, c); 303 BN_free(a); 304 BN_free(b); 305 BN_free(c); 306 TEST_DONE(); 307 308 TEST_START("parse ECDSA from private w/ passphrase"); 309 buf = load_file("ecdsa_1_pw"); 310 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 311 (const char *)sshbuf_ptr(pw), "ecdsa_1_pw", &k2, NULL), 0); 312 sshbuf_free(buf); 313 ASSERT_PTR_NE(k2, NULL); 314 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 315 sshkey_free(k2); 316 TEST_DONE(); 317 318 TEST_START("parse ECDSA from new-format"); 319 buf = load_file("ecdsa_n"); 320 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 321 "", "ecdsa_n", &k2, NULL), 0); 322 sshbuf_free(buf); 323 ASSERT_PTR_NE(k2, NULL); 324 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 325 sshkey_free(k2); 326 TEST_DONE(); 327 328 TEST_START("parse ECDSA from new-format w/ passphrase"); 329 buf = load_file("ecdsa_n_pw"); 330 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 331 (const char *)sshbuf_ptr(pw), "ecdsa_n_pw", &k2, NULL), 0); 332 sshbuf_free(buf); 333 ASSERT_PTR_NE(k2, NULL); 334 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 335 sshkey_free(k2); 336 TEST_DONE(); 337 338 TEST_START("load ECDSA from public"); 339 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 340 NULL), 0); 341 ASSERT_PTR_NE(k2, NULL); 342 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 343 sshkey_free(k2); 344 TEST_DONE(); 345 346 TEST_START("load ECDSA cert"); 347 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 348 ASSERT_PTR_NE(k2, NULL); 349 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 350 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 351 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 352 TEST_DONE(); 353 354 TEST_START("ECDSA key hex fingerprint"); 355 buf = load_text_file("ecdsa_1.fp"); 356 cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX); 357 ASSERT_PTR_NE(cp, NULL); 358 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 359 sshbuf_free(buf); 360 free(cp); 361 TEST_DONE(); 362 363 TEST_START("ECDSA cert hex fingerprint"); 364 buf = load_text_file("ecdsa_1-cert.fp"); 365 cp = sshkey_fingerprint(k2, SSH_DIGEST_MD5, SSH_FP_HEX); 366 ASSERT_PTR_NE(cp, NULL); 367 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 368 sshbuf_free(buf); 369 free(cp); 370 sshkey_free(k2); 371 TEST_DONE(); 372 373 TEST_START("ECDSA key bubblebabble fingerprint"); 374 buf = load_text_file("ecdsa_1.fp.bb"); 375 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 376 ASSERT_PTR_NE(cp, NULL); 377 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 378 sshbuf_free(buf); 379 free(cp); 380 TEST_DONE(); 381 382 sshkey_free(k1); 383 384 TEST_START("parse Ed25519 from private"); 385 buf = load_file("ed25519_1"); 386 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ed25519_1", 387 &k1, NULL), 0); 388 sshbuf_free(buf); 389 ASSERT_PTR_NE(k1, NULL); 390 ASSERT_INT_EQ(k1->type, KEY_ED25519); 391 /* XXX check key contents */ 392 TEST_DONE(); 393 394 TEST_START("parse Ed25519 from private w/ passphrase"); 395 buf = load_file("ed25519_1_pw"); 396 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 397 (const char *)sshbuf_ptr(pw), "ed25519_1_pw", &k2, NULL), 0); 398 sshbuf_free(buf); 399 ASSERT_PTR_NE(k2, NULL); 400 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 401 sshkey_free(k2); 402 TEST_DONE(); 403 404 TEST_START("load Ed25519 from public"); 405 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 406 NULL), 0); 407 ASSERT_PTR_NE(k2, NULL); 408 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 409 sshkey_free(k2); 410 TEST_DONE(); 411 412 TEST_START("load Ed25519 cert"); 413 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 414 ASSERT_PTR_NE(k2, NULL); 415 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 416 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 417 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 418 TEST_DONE(); 419 420 TEST_START("Ed25519 key hex fingerprint"); 421 buf = load_text_file("ed25519_1.fp"); 422 cp = sshkey_fingerprint(k1, SSH_DIGEST_MD5, SSH_FP_HEX); 423 ASSERT_PTR_NE(cp, NULL); 424 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 425 sshbuf_free(buf); 426 free(cp); 427 TEST_DONE(); 428 429 TEST_START("Ed25519 cert hex fingerprint"); 430 buf = load_text_file("ed25519_1-cert.fp"); 431 cp = sshkey_fingerprint(k2, SSH_DIGEST_MD5, SSH_FP_HEX); 432 ASSERT_PTR_NE(cp, NULL); 433 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 434 sshbuf_free(buf); 435 free(cp); 436 sshkey_free(k2); 437 TEST_DONE(); 438 439 TEST_START("Ed25519 key bubblebabble fingerprint"); 440 buf = load_text_file("ed25519_1.fp.bb"); 441 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 442 ASSERT_PTR_NE(cp, NULL); 443 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 444 sshbuf_free(buf); 445 free(cp); 446 TEST_DONE(); 447 448 sshkey_free(k1); 449 450 sshbuf_free(pw); 451 452 } 453