1 /* $OpenBSD: test_file.c,v 1.5 2015/10/06 01:20:59 djm Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include "includes.h" 9 10 #include <sys/types.h> 11 #include <sys/param.h> 12 #include <sys/stat.h> 13 #include <fcntl.h> 14 #include <stdio.h> 15 #ifdef HAVE_STDINT_H 16 #include <stdint.h> 17 #endif 18 #include <stdlib.h> 19 #include <string.h> 20 #include <unistd.h> 21 22 #include <openssl/bn.h> 23 #include <openssl/rsa.h> 24 #include <openssl/dsa.h> 25 #include <openssl/objects.h> 26 #ifdef OPENSSL_HAS_NISTP256 27 # include <openssl/ec.h> 28 #endif 29 30 #include "../test_helper/test_helper.h" 31 32 #include "ssherr.h" 33 #include "authfile.h" 34 #include "sshkey.h" 35 #include "sshbuf.h" 36 #include "digest.h" 37 38 #include "common.h" 39 40 void sshkey_file_tests(void); 41 42 void 43 sshkey_file_tests(void) 44 { 45 struct sshkey *k1, *k2; 46 struct sshbuf *buf, *pw; 47 BIGNUM *a, *b, *c; 48 char *cp; 49 50 TEST_START("load passphrase"); 51 pw = load_text_file("pw"); 52 TEST_DONE(); 53 54 #ifdef WITH_SSH1 55 TEST_START("parse RSA1 from private"); 56 buf = load_file("rsa1_1"); 57 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 58 sshbuf_free(buf); 59 ASSERT_PTR_NE(k1, NULL); 60 a = load_bignum("rsa1_1.param.n"); 61 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 62 BN_free(a); 63 TEST_DONE(); 64 65 TEST_START("parse RSA1 from private w/ passphrase"); 66 buf = load_file("rsa1_1_pw"); 67 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 68 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 69 sshbuf_free(buf); 70 ASSERT_PTR_NE(k2, NULL); 71 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 72 sshkey_free(k2); 73 TEST_DONE(); 74 75 TEST_START("load RSA1 from public"); 76 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2, 77 NULL), 0); 78 ASSERT_PTR_NE(k2, NULL); 79 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 80 sshkey_free(k2); 81 TEST_DONE(); 82 83 TEST_START("RSA1 key hex fingerprint"); 84 buf = load_text_file("rsa1_1.fp"); 85 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 86 ASSERT_PTR_NE(cp, NULL); 87 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 88 sshbuf_free(buf); 89 free(cp); 90 TEST_DONE(); 91 92 TEST_START("RSA1 key bubblebabble fingerprint"); 93 buf = load_text_file("rsa1_1.fp.bb"); 94 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 95 ASSERT_PTR_NE(cp, NULL); 96 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 97 sshbuf_free(buf); 98 free(cp); 99 TEST_DONE(); 100 101 sshkey_free(k1); 102 #endif 103 104 TEST_START("parse RSA from private"); 105 buf = load_file("rsa_1"); 106 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 107 sshbuf_free(buf); 108 ASSERT_PTR_NE(k1, NULL); 109 a = load_bignum("rsa_1.param.n"); 110 b = load_bignum("rsa_1.param.p"); 111 c = load_bignum("rsa_1.param.q"); 112 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 113 ASSERT_BIGNUM_EQ(k1->rsa->p, b); 114 ASSERT_BIGNUM_EQ(k1->rsa->q, c); 115 BN_free(a); 116 BN_free(b); 117 BN_free(c); 118 TEST_DONE(); 119 120 TEST_START("parse RSA from private w/ passphrase"); 121 buf = load_file("rsa_1_pw"); 122 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 123 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 124 sshbuf_free(buf); 125 ASSERT_PTR_NE(k2, NULL); 126 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 127 sshkey_free(k2); 128 TEST_DONE(); 129 130 TEST_START("parse RSA from new-format"); 131 buf = load_file("rsa_n"); 132 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 133 sshbuf_free(buf); 134 ASSERT_PTR_NE(k2, NULL); 135 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 136 sshkey_free(k2); 137 TEST_DONE(); 138 139 TEST_START("parse RSA from new-format w/ passphrase"); 140 buf = load_file("rsa_n_pw"); 141 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 142 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 143 sshbuf_free(buf); 144 ASSERT_PTR_NE(k2, NULL); 145 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 146 sshkey_free(k2); 147 TEST_DONE(); 148 149 TEST_START("load RSA from public"); 150 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 151 NULL), 0); 152 ASSERT_PTR_NE(k2, NULL); 153 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 154 sshkey_free(k2); 155 TEST_DONE(); 156 157 TEST_START("load RSA cert"); 158 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 159 ASSERT_PTR_NE(k2, NULL); 160 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 161 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 162 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 163 TEST_DONE(); 164 165 TEST_START("RSA key hex fingerprint"); 166 buf = load_text_file("rsa_1.fp"); 167 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 168 ASSERT_PTR_NE(cp, NULL); 169 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 170 sshbuf_free(buf); 171 free(cp); 172 TEST_DONE(); 173 174 TEST_START("RSA cert hex fingerprint"); 175 buf = load_text_file("rsa_1-cert.fp"); 176 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 177 ASSERT_PTR_NE(cp, NULL); 178 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 179 sshbuf_free(buf); 180 free(cp); 181 sshkey_free(k2); 182 TEST_DONE(); 183 184 TEST_START("RSA key bubblebabble fingerprint"); 185 buf = load_text_file("rsa_1.fp.bb"); 186 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 187 ASSERT_PTR_NE(cp, NULL); 188 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 189 sshbuf_free(buf); 190 free(cp); 191 TEST_DONE(); 192 193 sshkey_free(k1); 194 195 TEST_START("parse DSA from private"); 196 buf = load_file("dsa_1"); 197 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 198 sshbuf_free(buf); 199 ASSERT_PTR_NE(k1, NULL); 200 a = load_bignum("dsa_1.param.g"); 201 b = load_bignum("dsa_1.param.priv"); 202 c = load_bignum("dsa_1.param.pub"); 203 ASSERT_BIGNUM_EQ(k1->dsa->g, a); 204 ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); 205 ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); 206 BN_free(a); 207 BN_free(b); 208 BN_free(c); 209 TEST_DONE(); 210 211 TEST_START("parse DSA from private w/ passphrase"); 212 buf = load_file("dsa_1_pw"); 213 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 214 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 215 sshbuf_free(buf); 216 ASSERT_PTR_NE(k2, NULL); 217 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 218 sshkey_free(k2); 219 TEST_DONE(); 220 221 TEST_START("parse DSA from new-format"); 222 buf = load_file("dsa_n"); 223 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 224 sshbuf_free(buf); 225 ASSERT_PTR_NE(k2, NULL); 226 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 227 sshkey_free(k2); 228 TEST_DONE(); 229 230 TEST_START("parse DSA from new-format w/ passphrase"); 231 buf = load_file("dsa_n_pw"); 232 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 233 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 234 sshbuf_free(buf); 235 ASSERT_PTR_NE(k2, NULL); 236 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 237 sshkey_free(k2); 238 TEST_DONE(); 239 240 TEST_START("load DSA from public"); 241 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 242 NULL), 0); 243 ASSERT_PTR_NE(k2, NULL); 244 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 245 sshkey_free(k2); 246 TEST_DONE(); 247 248 TEST_START("load DSA cert"); 249 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 250 ASSERT_PTR_NE(k2, NULL); 251 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 252 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 253 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 254 TEST_DONE(); 255 256 TEST_START("DSA key hex fingerprint"); 257 buf = load_text_file("dsa_1.fp"); 258 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 259 ASSERT_PTR_NE(cp, NULL); 260 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 261 sshbuf_free(buf); 262 free(cp); 263 TEST_DONE(); 264 265 TEST_START("DSA cert hex fingerprint"); 266 buf = load_text_file("dsa_1-cert.fp"); 267 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 268 ASSERT_PTR_NE(cp, NULL); 269 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 270 sshbuf_free(buf); 271 free(cp); 272 sshkey_free(k2); 273 TEST_DONE(); 274 275 TEST_START("DSA key bubblebabble fingerprint"); 276 buf = load_text_file("dsa_1.fp.bb"); 277 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 278 ASSERT_PTR_NE(cp, NULL); 279 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 280 sshbuf_free(buf); 281 free(cp); 282 TEST_DONE(); 283 284 sshkey_free(k1); 285 286 #ifdef OPENSSL_HAS_ECC 287 TEST_START("parse ECDSA from private"); 288 buf = load_file("ecdsa_1"); 289 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 290 sshbuf_free(buf); 291 ASSERT_PTR_NE(k1, NULL); 292 buf = load_text_file("ecdsa_1.param.curve"); 293 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 294 OBJ_nid2sn(k1->ecdsa_nid)); 295 sshbuf_free(buf); 296 a = load_bignum("ecdsa_1.param.priv"); 297 b = load_bignum("ecdsa_1.param.pub"); 298 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 299 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 300 NULL, NULL); 301 ASSERT_PTR_NE(c, NULL); 302 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 303 ASSERT_BIGNUM_EQ(b, c); 304 BN_free(a); 305 BN_free(b); 306 BN_free(c); 307 TEST_DONE(); 308 309 TEST_START("parse ECDSA from private w/ passphrase"); 310 buf = load_file("ecdsa_1_pw"); 311 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 312 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 313 sshbuf_free(buf); 314 ASSERT_PTR_NE(k2, NULL); 315 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 316 sshkey_free(k2); 317 TEST_DONE(); 318 319 TEST_START("parse ECDSA from new-format"); 320 buf = load_file("ecdsa_n"); 321 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 322 sshbuf_free(buf); 323 ASSERT_PTR_NE(k2, NULL); 324 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 325 sshkey_free(k2); 326 TEST_DONE(); 327 328 TEST_START("parse ECDSA from new-format w/ passphrase"); 329 buf = load_file("ecdsa_n_pw"); 330 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 331 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 332 sshbuf_free(buf); 333 ASSERT_PTR_NE(k2, NULL); 334 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 335 sshkey_free(k2); 336 TEST_DONE(); 337 338 TEST_START("load ECDSA from public"); 339 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 340 NULL), 0); 341 ASSERT_PTR_NE(k2, NULL); 342 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 343 sshkey_free(k2); 344 TEST_DONE(); 345 346 TEST_START("load ECDSA cert"); 347 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 348 ASSERT_PTR_NE(k2, NULL); 349 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 350 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 351 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 352 TEST_DONE(); 353 354 TEST_START("ECDSA key hex fingerprint"); 355 buf = load_text_file("ecdsa_1.fp"); 356 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 357 ASSERT_PTR_NE(cp, NULL); 358 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 359 sshbuf_free(buf); 360 free(cp); 361 TEST_DONE(); 362 363 TEST_START("ECDSA cert hex fingerprint"); 364 buf = load_text_file("ecdsa_1-cert.fp"); 365 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 366 ASSERT_PTR_NE(cp, NULL); 367 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 368 sshbuf_free(buf); 369 free(cp); 370 sshkey_free(k2); 371 TEST_DONE(); 372 373 TEST_START("ECDSA key bubblebabble fingerprint"); 374 buf = load_text_file("ecdsa_1.fp.bb"); 375 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 376 ASSERT_PTR_NE(cp, NULL); 377 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 378 sshbuf_free(buf); 379 free(cp); 380 TEST_DONE(); 381 382 sshkey_free(k1); 383 #endif /* OPENSSL_HAS_ECC */ 384 385 TEST_START("parse Ed25519 from private"); 386 buf = load_file("ed25519_1"); 387 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 388 sshbuf_free(buf); 389 ASSERT_PTR_NE(k1, NULL); 390 ASSERT_INT_EQ(k1->type, KEY_ED25519); 391 /* XXX check key contents */ 392 TEST_DONE(); 393 394 TEST_START("parse Ed25519 from private w/ passphrase"); 395 buf = load_file("ed25519_1_pw"); 396 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 397 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 398 sshbuf_free(buf); 399 ASSERT_PTR_NE(k2, NULL); 400 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 401 sshkey_free(k2); 402 TEST_DONE(); 403 404 TEST_START("load Ed25519 from public"); 405 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 406 NULL), 0); 407 ASSERT_PTR_NE(k2, NULL); 408 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 409 sshkey_free(k2); 410 TEST_DONE(); 411 412 TEST_START("load Ed25519 cert"); 413 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 414 ASSERT_PTR_NE(k2, NULL); 415 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 416 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 417 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 418 TEST_DONE(); 419 420 TEST_START("Ed25519 key hex fingerprint"); 421 buf = load_text_file("ed25519_1.fp"); 422 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 423 ASSERT_PTR_NE(cp, NULL); 424 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 425 sshbuf_free(buf); 426 free(cp); 427 TEST_DONE(); 428 429 TEST_START("Ed25519 cert hex fingerprint"); 430 buf = load_text_file("ed25519_1-cert.fp"); 431 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 432 ASSERT_PTR_NE(cp, NULL); 433 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 434 sshbuf_free(buf); 435 free(cp); 436 sshkey_free(k2); 437 TEST_DONE(); 438 439 TEST_START("Ed25519 key bubblebabble fingerprint"); 440 buf = load_text_file("ed25519_1.fp.bb"); 441 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 442 ASSERT_PTR_NE(cp, NULL); 443 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 444 sshbuf_free(buf); 445 free(cp); 446 TEST_DONE(); 447 448 sshkey_free(k1); 449 450 sshbuf_free(pw); 451 452 } 453