1 /* $OpenBSD: test_file.c,v 1.12 2024/08/15 00:52:23 djm Exp $ */
2 /*
3 * Regress test for sshkey.h key management API
4 *
5 * Placed in the public domain
6 */
7
8 #include "includes.h"
9
10 #include <sys/types.h>
11 #include <sys/stat.h>
12 #include <fcntl.h>
13 #include <stdio.h>
14 #ifdef HAVE_STDINT_H
15 #include <stdint.h>
16 #endif
17 #include <stdlib.h>
18 #include <string.h>
19 #include <unistd.h>
20
21 #ifdef WITH_OPENSSL
22 #include <openssl/bn.h>
23 #include <openssl/rsa.h>
24 #include <openssl/dsa.h>
25 #include <openssl/objects.h>
26 #ifdef OPENSSL_HAS_NISTP256
27 # include <openssl/ec.h>
28 #endif /* OPENSSL_HAS_NISTP256 */
29 #endif /* WITH_OPENSSL */
30
31 #include "../test_helper/test_helper.h"
32
33 #include "ssherr.h"
34 #include "authfile.h"
35 #include "sshkey.h"
36 #include "sshbuf.h"
37 #include "digest.h"
38
39 #include "common.h"
40
41 void sshkey_file_tests(void);
42
43 void
sshkey_file_tests(void)44 sshkey_file_tests(void)
45 {
46 struct sshkey *k1, *k2;
47 struct sshbuf *buf, *pw;
48 #ifdef WITH_OPENSSL
49 BIGNUM *a, *b, *c;
50 #endif
51 char *cp;
52
53 TEST_START("load passphrase");
54 pw = load_text_file("pw");
55 TEST_DONE();
56
57
58 #ifdef WITH_OPENSSL
59 TEST_START("parse RSA from private");
60 buf = load_file("rsa_1");
61 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
62 sshbuf_free(buf);
63 ASSERT_PTR_NE(k1, NULL);
64 a = load_bignum("rsa_1.param.n");
65 b = load_bignum("rsa_1.param.p");
66 c = load_bignum("rsa_1.param.q");
67 ASSERT_BIGNUM_EQ(rsa_n(k1), a);
68 ASSERT_BIGNUM_EQ(rsa_p(k1), b);
69 ASSERT_BIGNUM_EQ(rsa_q(k1), c);
70 BN_free(a);
71 BN_free(b);
72 BN_free(c);
73 TEST_DONE();
74
75 TEST_START("parse RSA from private w/ passphrase");
76 buf = load_file("rsa_1_pw");
77 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
78 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
79 sshbuf_free(buf);
80 ASSERT_PTR_NE(k2, NULL);
81 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
82 sshkey_free(k2);
83 TEST_DONE();
84
85 TEST_START("parse RSA from new-format");
86 buf = load_file("rsa_n");
87 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
88 sshbuf_free(buf);
89 ASSERT_PTR_NE(k2, NULL);
90 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
91 sshkey_free(k2);
92 TEST_DONE();
93
94 TEST_START("parse RSA from new-format w/ passphrase");
95 buf = load_file("rsa_n_pw");
96 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
97 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
98 sshbuf_free(buf);
99 ASSERT_PTR_NE(k2, NULL);
100 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
101 sshkey_free(k2);
102 TEST_DONE();
103
104 TEST_START("load RSA from public");
105 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
106 NULL), 0);
107 ASSERT_PTR_NE(k2, NULL);
108 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
109 sshkey_free(k2);
110 TEST_DONE();
111
112 TEST_START("load RSA cert with SHA1 signature");
113 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0);
114 ASSERT_PTR_NE(k2, NULL);
115 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
116 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
117 ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa");
118 sshkey_free(k2);
119 TEST_DONE();
120
121 TEST_START("load RSA cert with SHA512 signature");
122 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0);
123 ASSERT_PTR_NE(k2, NULL);
124 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
125 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
126 ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512");
127 sshkey_free(k2);
128 TEST_DONE();
129
130 TEST_START("load RSA cert");
131 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0);
132 ASSERT_PTR_NE(k2, NULL);
133 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
134 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
135 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
136 TEST_DONE();
137
138 TEST_START("RSA key hex fingerprint");
139 buf = load_text_file("rsa_1.fp");
140 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
141 ASSERT_PTR_NE(cp, NULL);
142 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
143 sshbuf_free(buf);
144 free(cp);
145 TEST_DONE();
146
147 TEST_START("RSA cert hex fingerprint");
148 buf = load_text_file("rsa_1-cert.fp");
149 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
150 ASSERT_PTR_NE(cp, NULL);
151 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
152 sshbuf_free(buf);
153 free(cp);
154 sshkey_free(k2);
155 TEST_DONE();
156
157 TEST_START("RSA key bubblebabble fingerprint");
158 buf = load_text_file("rsa_1.fp.bb");
159 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
160 ASSERT_PTR_NE(cp, NULL);
161 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
162 sshbuf_free(buf);
163 free(cp);
164 TEST_DONE();
165
166 sshkey_free(k1);
167
168 #ifdef WITH_DSA
169 TEST_START("parse DSA from private");
170 buf = load_file("dsa_1");
171 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
172 sshbuf_free(buf);
173 ASSERT_PTR_NE(k1, NULL);
174 a = load_bignum("dsa_1.param.g");
175 b = load_bignum("dsa_1.param.priv");
176 c = load_bignum("dsa_1.param.pub");
177 ASSERT_BIGNUM_EQ(dsa_g(k1), a);
178 ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b);
179 ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c);
180 BN_free(a);
181 BN_free(b);
182 BN_free(c);
183 TEST_DONE();
184
185 TEST_START("parse DSA from private w/ passphrase");
186 buf = load_file("dsa_1_pw");
187 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
188 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
189 sshbuf_free(buf);
190 ASSERT_PTR_NE(k2, NULL);
191 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
192 sshkey_free(k2);
193 TEST_DONE();
194
195 TEST_START("parse DSA from new-format");
196 buf = load_file("dsa_n");
197 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
198 sshbuf_free(buf);
199 ASSERT_PTR_NE(k2, NULL);
200 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
201 sshkey_free(k2);
202 TEST_DONE();
203
204 TEST_START("parse DSA from new-format w/ passphrase");
205 buf = load_file("dsa_n_pw");
206 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
207 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
208 sshbuf_free(buf);
209 ASSERT_PTR_NE(k2, NULL);
210 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
211 sshkey_free(k2);
212 TEST_DONE();
213
214 TEST_START("load DSA from public");
215 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
216 NULL), 0);
217 ASSERT_PTR_NE(k2, NULL);
218 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
219 sshkey_free(k2);
220 TEST_DONE();
221
222 TEST_START("load DSA cert");
223 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0);
224 ASSERT_PTR_NE(k2, NULL);
225 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT);
226 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
227 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
228 TEST_DONE();
229
230 TEST_START("DSA key hex fingerprint");
231 buf = load_text_file("dsa_1.fp");
232 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
233 ASSERT_PTR_NE(cp, NULL);
234 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
235 sshbuf_free(buf);
236 free(cp);
237 TEST_DONE();
238
239 TEST_START("DSA cert hex fingerprint");
240 buf = load_text_file("dsa_1-cert.fp");
241 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
242 ASSERT_PTR_NE(cp, NULL);
243 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
244 sshbuf_free(buf);
245 free(cp);
246 sshkey_free(k2);
247 TEST_DONE();
248
249 TEST_START("DSA key bubblebabble fingerprint");
250 buf = load_text_file("dsa_1.fp.bb");
251 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
252 ASSERT_PTR_NE(cp, NULL);
253 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
254 sshbuf_free(buf);
255 free(cp);
256 TEST_DONE();
257
258 sshkey_free(k1);
259 #endif
260
261 #ifdef OPENSSL_HAS_ECC
262 TEST_START("parse ECDSA from private");
263 buf = load_file("ecdsa_1");
264 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
265 sshbuf_free(buf);
266 ASSERT_PTR_NE(k1, NULL);
267 buf = load_text_file("ecdsa_1.param.curve");
268 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf),
269 OBJ_nid2sn(k1->ecdsa_nid));
270 sshbuf_free(buf);
271 #ifndef OPENSSL_IS_BORINGSSL /* lacks EC_POINT_point2bn() */
272 a = load_bignum("ecdsa_1.param.priv");
273 b = load_bignum("ecdsa_1.param.pub");
274 c = EC_POINT_point2bn(EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(k1->pkey)),
275 EC_KEY_get0_public_key(EVP_PKEY_get0_EC_KEY(k1->pkey)),
276 POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
277 ASSERT_PTR_NE(c, NULL);
278 ASSERT_BIGNUM_EQ(
279 EC_KEY_get0_private_key(EVP_PKEY_get0_EC_KEY(k1->pkey)), a);
280 ASSERT_BIGNUM_EQ(b, c);
281 BN_free(a);
282 BN_free(b);
283 BN_free(c);
284 #endif /* OPENSSL_IS_BORINGSSL */
285 TEST_DONE();
286
287 TEST_START("parse ECDSA from private w/ passphrase");
288 buf = load_file("ecdsa_1_pw");
289 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
290 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
291 sshbuf_free(buf);
292 ASSERT_PTR_NE(k2, NULL);
293 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
294 sshkey_free(k2);
295 TEST_DONE();
296
297 TEST_START("parse ECDSA from new-format");
298 buf = load_file("ecdsa_n");
299 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
300 sshbuf_free(buf);
301 ASSERT_PTR_NE(k2, NULL);
302 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
303 sshkey_free(k2);
304 TEST_DONE();
305
306 TEST_START("parse ECDSA from new-format w/ passphrase");
307 buf = load_file("ecdsa_n_pw");
308 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
309 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
310 sshbuf_free(buf);
311 ASSERT_PTR_NE(k2, NULL);
312 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
313 sshkey_free(k2);
314 TEST_DONE();
315
316 TEST_START("load ECDSA from public");
317 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,
318 NULL), 0);
319 ASSERT_PTR_NE(k2, NULL);
320 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
321 sshkey_free(k2);
322 TEST_DONE();
323
324 TEST_START("load ECDSA cert");
325 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0);
326 ASSERT_PTR_NE(k2, NULL);
327 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT);
328 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
329 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
330 TEST_DONE();
331
332 TEST_START("ECDSA key hex fingerprint");
333 buf = load_text_file("ecdsa_1.fp");
334 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
335 ASSERT_PTR_NE(cp, NULL);
336 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
337 sshbuf_free(buf);
338 free(cp);
339 TEST_DONE();
340
341 TEST_START("ECDSA cert hex fingerprint");
342 buf = load_text_file("ecdsa_1-cert.fp");
343 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
344 ASSERT_PTR_NE(cp, NULL);
345 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
346 sshbuf_free(buf);
347 free(cp);
348 sshkey_free(k2);
349 TEST_DONE();
350
351 TEST_START("ECDSA key bubblebabble fingerprint");
352 buf = load_text_file("ecdsa_1.fp.bb");
353 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
354 ASSERT_PTR_NE(cp, NULL);
355 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
356 sshbuf_free(buf);
357 free(cp);
358 TEST_DONE();
359
360 sshkey_free(k1);
361 #endif /* OPENSSL_HAS_ECC */
362 #endif /* WITH_OPENSSL */
363
364 TEST_START("parse Ed25519 from private");
365 buf = load_file("ed25519_1");
366 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
367 sshbuf_free(buf);
368 ASSERT_PTR_NE(k1, NULL);
369 ASSERT_INT_EQ(k1->type, KEY_ED25519);
370 /* XXX check key contents */
371 TEST_DONE();
372
373 TEST_START("parse Ed25519 from private w/ passphrase");
374 buf = load_file("ed25519_1_pw");
375 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
376 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
377 sshbuf_free(buf);
378 ASSERT_PTR_NE(k2, NULL);
379 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
380 sshkey_free(k2);
381 TEST_DONE();
382
383 TEST_START("load Ed25519 from public");
384 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
385 NULL), 0);
386 ASSERT_PTR_NE(k2, NULL);
387 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
388 sshkey_free(k2);
389 TEST_DONE();
390
391 TEST_START("load Ed25519 cert");
392 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0);
393 ASSERT_PTR_NE(k2, NULL);
394 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT);
395 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
396 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
397 TEST_DONE();
398
399 TEST_START("Ed25519 key hex fingerprint");
400 buf = load_text_file("ed25519_1.fp");
401 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
402 ASSERT_PTR_NE(cp, NULL);
403 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
404 sshbuf_free(buf);
405 free(cp);
406 TEST_DONE();
407
408 TEST_START("Ed25519 cert hex fingerprint");
409 buf = load_text_file("ed25519_1-cert.fp");
410 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
411 ASSERT_PTR_NE(cp, NULL);
412 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
413 sshbuf_free(buf);
414 free(cp);
415 sshkey_free(k2);
416 TEST_DONE();
417
418 TEST_START("Ed25519 key bubblebabble fingerprint");
419 buf = load_text_file("ed25519_1.fp.bb");
420 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
421 ASSERT_PTR_NE(cp, NULL);
422 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
423 sshbuf_free(buf);
424 free(cp);
425 TEST_DONE();
426
427 sshkey_free(k1);
428
429 #ifdef ENABLE_SK
430 #if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
431 TEST_START("parse ECDSA-SK from private");
432 buf = load_file("ecdsa_sk1");
433 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
434 sshbuf_free(buf);
435 ASSERT_PTR_NE(k1, NULL);
436 ASSERT_INT_EQ(k1->type, KEY_ECDSA_SK);
437 TEST_DONE();
438
439 TEST_START("parse ECDSA-SK from private w/ passphrase");
440 buf = load_file("ecdsa_sk1_pw");
441 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
442 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
443 sshbuf_free(buf);
444 ASSERT_PTR_NE(k2, NULL);
445 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
446 sshkey_free(k2);
447 TEST_DONE();
448
449 TEST_START("load ECDSA-SK from public");
450 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_sk1.pub"), &k2,
451 NULL), 0);
452 ASSERT_PTR_NE(k2, NULL);
453 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
454 sshkey_free(k2);
455 TEST_DONE();
456
457 TEST_START("load ECDSA-SK cert");
458 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_sk1"), &k2), 0);
459 ASSERT_PTR_NE(k2, NULL);
460 ASSERT_INT_EQ(k2->type, KEY_ECDSA_SK_CERT);
461 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
462 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
463 TEST_DONE();
464
465 TEST_START("ECDSA-SK key hex fingerprint");
466 buf = load_text_file("ecdsa_sk1.fp");
467 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
468 ASSERT_PTR_NE(cp, NULL);
469 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
470 sshbuf_free(buf);
471 free(cp);
472 TEST_DONE();
473
474 TEST_START("ECDSA-SK cert hex fingerprint");
475 buf = load_text_file("ecdsa_sk1-cert.fp");
476 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
477 ASSERT_PTR_NE(cp, NULL);
478 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
479 sshbuf_free(buf);
480 free(cp);
481 sshkey_free(k2);
482 TEST_DONE();
483
484 TEST_START("ECDSA-SK key bubblebabble fingerprint");
485 buf = load_text_file("ecdsa_sk1.fp.bb");
486 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
487 ASSERT_PTR_NE(cp, NULL);
488 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
489 sshbuf_free(buf);
490 free(cp);
491 TEST_DONE();
492
493 sshkey_free(k1);
494 #endif
495
496 TEST_START("parse Ed25519-SK from private");
497 buf = load_file("ed25519_sk1");
498 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
499 sshbuf_free(buf);
500 ASSERT_PTR_NE(k1, NULL);
501 ASSERT_INT_EQ(k1->type, KEY_ED25519_SK);
502 /* XXX check key contents */
503 TEST_DONE();
504
505 TEST_START("parse Ed25519-SK from private w/ passphrase");
506 buf = load_file("ed25519_sk1_pw");
507 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
508 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
509 sshbuf_free(buf);
510 ASSERT_PTR_NE(k2, NULL);
511 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
512 sshkey_free(k2);
513 TEST_DONE();
514
515 TEST_START("load Ed25519-SK from public");
516 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_sk1.pub"),
517 &k2, NULL), 0);
518 ASSERT_PTR_NE(k2, NULL);
519 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
520 sshkey_free(k2);
521 TEST_DONE();
522
523 TEST_START("load Ed25519-SK cert");
524 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_sk1"), &k2), 0);
525 ASSERT_PTR_NE(k2, NULL);
526 ASSERT_INT_EQ(k2->type, KEY_ED25519_SK_CERT);
527 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
528 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
529 TEST_DONE();
530
531 TEST_START("Ed25519-SK key hex fingerprint");
532 buf = load_text_file("ed25519_sk1.fp");
533 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
534 ASSERT_PTR_NE(cp, NULL);
535 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
536 sshbuf_free(buf);
537 free(cp);
538 TEST_DONE();
539
540 TEST_START("Ed25519-SK cert hex fingerprint");
541 buf = load_text_file("ed25519_sk1-cert.fp");
542 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
543 ASSERT_PTR_NE(cp, NULL);
544 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
545 sshbuf_free(buf);
546 free(cp);
547 sshkey_free(k2);
548 TEST_DONE();
549
550 TEST_START("Ed25519-SK key bubblebabble fingerprint");
551 buf = load_text_file("ed25519_sk1.fp.bb");
552 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
553 ASSERT_PTR_NE(cp, NULL);
554 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
555 sshbuf_free(buf);
556 free(cp);
557 TEST_DONE();
558
559 sshkey_free(k1);
560 #endif /* ENABLE_SK */
561
562 sshbuf_free(pw);
563
564 }
565