1 /* $OpenBSD: test_file.c,v 1.4 2015/07/07 14:53:30 markus Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include "includes.h" 9 10 #include <sys/types.h> 11 #include <sys/param.h> 12 #include <sys/stat.h> 13 #include <fcntl.h> 14 #include <stdio.h> 15 #ifdef HAVE_STDINT_H 16 #include <stdint.h> 17 #endif 18 #include <stdlib.h> 19 #include <string.h> 20 #include <unistd.h> 21 22 #include <openssl/bn.h> 23 #include <openssl/rsa.h> 24 #include <openssl/dsa.h> 25 #include <openssl/objects.h> 26 #ifdef OPENSSL_HAS_NISTP256 27 # include <openssl/ec.h> 28 #endif 29 30 #include "../test_helper/test_helper.h" 31 32 #include "ssherr.h" 33 #include "authfile.h" 34 #include "sshkey.h" 35 #include "sshbuf.h" 36 #include "digest.h" 37 38 #include "common.h" 39 40 void sshkey_file_tests(void); 41 42 void 43 sshkey_file_tests(void) 44 { 45 struct sshkey *k1, *k2; 46 struct sshbuf *buf, *pw; 47 BIGNUM *a, *b, *c; 48 char *cp; 49 50 TEST_START("load passphrase"); 51 pw = load_text_file("pw"); 52 TEST_DONE(); 53 54 #ifdef WITH_SSH1 55 TEST_START("parse RSA1 from private"); 56 buf = load_file("rsa1_1"); 57 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1", 58 &k1, NULL), 0); 59 sshbuf_free(buf); 60 ASSERT_PTR_NE(k1, NULL); 61 a = load_bignum("rsa1_1.param.n"); 62 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 63 BN_free(a); 64 TEST_DONE(); 65 66 TEST_START("parse RSA1 from private w/ passphrase"); 67 buf = load_file("rsa1_1_pw"); 68 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 69 (const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0); 70 sshbuf_free(buf); 71 ASSERT_PTR_NE(k2, NULL); 72 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 73 sshkey_free(k2); 74 TEST_DONE(); 75 76 TEST_START("load RSA1 from public"); 77 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2, 78 NULL), 0); 79 ASSERT_PTR_NE(k2, NULL); 80 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 81 sshkey_free(k2); 82 TEST_DONE(); 83 84 TEST_START("RSA1 key hex fingerprint"); 85 buf = load_text_file("rsa1_1.fp"); 86 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 87 ASSERT_PTR_NE(cp, NULL); 88 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 89 sshbuf_free(buf); 90 free(cp); 91 TEST_DONE(); 92 93 TEST_START("RSA1 key bubblebabble fingerprint"); 94 buf = load_text_file("rsa1_1.fp.bb"); 95 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 96 ASSERT_PTR_NE(cp, NULL); 97 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 98 sshbuf_free(buf); 99 free(cp); 100 TEST_DONE(); 101 102 sshkey_free(k1); 103 #endif 104 105 TEST_START("parse RSA from private"); 106 buf = load_file("rsa_1"); 107 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1", 108 &k1, NULL), 0); 109 sshbuf_free(buf); 110 ASSERT_PTR_NE(k1, NULL); 111 a = load_bignum("rsa_1.param.n"); 112 b = load_bignum("rsa_1.param.p"); 113 c = load_bignum("rsa_1.param.q"); 114 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 115 ASSERT_BIGNUM_EQ(k1->rsa->p, b); 116 ASSERT_BIGNUM_EQ(k1->rsa->q, c); 117 BN_free(a); 118 BN_free(b); 119 BN_free(c); 120 TEST_DONE(); 121 122 TEST_START("parse RSA from private w/ passphrase"); 123 buf = load_file("rsa_1_pw"); 124 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 125 (const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0); 126 sshbuf_free(buf); 127 ASSERT_PTR_NE(k2, NULL); 128 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 129 sshkey_free(k2); 130 TEST_DONE(); 131 132 TEST_START("parse RSA from new-format"); 133 buf = load_file("rsa_n"); 134 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 135 "", "rsa_n", &k2, NULL), 0); 136 sshbuf_free(buf); 137 ASSERT_PTR_NE(k2, NULL); 138 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 139 sshkey_free(k2); 140 TEST_DONE(); 141 142 TEST_START("parse RSA from new-format w/ passphrase"); 143 buf = load_file("rsa_n_pw"); 144 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 145 (const char *)sshbuf_ptr(pw), "rsa_n_pw", &k2, NULL), 0); 146 sshbuf_free(buf); 147 ASSERT_PTR_NE(k2, NULL); 148 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 149 sshkey_free(k2); 150 TEST_DONE(); 151 152 TEST_START("load RSA from public"); 153 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 154 NULL), 0); 155 ASSERT_PTR_NE(k2, NULL); 156 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 157 sshkey_free(k2); 158 TEST_DONE(); 159 160 TEST_START("load RSA cert"); 161 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 162 ASSERT_PTR_NE(k2, NULL); 163 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 164 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 165 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 166 TEST_DONE(); 167 168 TEST_START("RSA key hex fingerprint"); 169 buf = load_text_file("rsa_1.fp"); 170 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 171 ASSERT_PTR_NE(cp, NULL); 172 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 173 sshbuf_free(buf); 174 free(cp); 175 TEST_DONE(); 176 177 TEST_START("RSA cert hex fingerprint"); 178 buf = load_text_file("rsa_1-cert.fp"); 179 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 180 ASSERT_PTR_NE(cp, NULL); 181 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 182 sshbuf_free(buf); 183 free(cp); 184 sshkey_free(k2); 185 TEST_DONE(); 186 187 TEST_START("RSA key bubblebabble fingerprint"); 188 buf = load_text_file("rsa_1.fp.bb"); 189 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 190 ASSERT_PTR_NE(cp, NULL); 191 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 192 sshbuf_free(buf); 193 free(cp); 194 TEST_DONE(); 195 196 sshkey_free(k1); 197 198 TEST_START("parse DSA from private"); 199 buf = load_file("dsa_1"); 200 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "dsa_1", 201 &k1, NULL), 0); 202 sshbuf_free(buf); 203 ASSERT_PTR_NE(k1, NULL); 204 a = load_bignum("dsa_1.param.g"); 205 b = load_bignum("dsa_1.param.priv"); 206 c = load_bignum("dsa_1.param.pub"); 207 ASSERT_BIGNUM_EQ(k1->dsa->g, a); 208 ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); 209 ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); 210 BN_free(a); 211 BN_free(b); 212 BN_free(c); 213 TEST_DONE(); 214 215 TEST_START("parse DSA from private w/ passphrase"); 216 buf = load_file("dsa_1_pw"); 217 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 218 (const char *)sshbuf_ptr(pw), "dsa_1_pw", &k2, NULL), 0); 219 sshbuf_free(buf); 220 ASSERT_PTR_NE(k2, NULL); 221 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 222 sshkey_free(k2); 223 TEST_DONE(); 224 225 TEST_START("parse DSA from new-format"); 226 buf = load_file("dsa_n"); 227 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 228 "", "dsa_n", &k2, NULL), 0); 229 sshbuf_free(buf); 230 ASSERT_PTR_NE(k2, NULL); 231 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 232 sshkey_free(k2); 233 TEST_DONE(); 234 235 TEST_START("parse DSA from new-format w/ passphrase"); 236 buf = load_file("dsa_n_pw"); 237 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 238 (const char *)sshbuf_ptr(pw), "dsa_n_pw", &k2, NULL), 0); 239 sshbuf_free(buf); 240 ASSERT_PTR_NE(k2, NULL); 241 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 242 sshkey_free(k2); 243 TEST_DONE(); 244 245 TEST_START("load DSA from public"); 246 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 247 NULL), 0); 248 ASSERT_PTR_NE(k2, NULL); 249 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 250 sshkey_free(k2); 251 TEST_DONE(); 252 253 TEST_START("load DSA cert"); 254 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 255 ASSERT_PTR_NE(k2, NULL); 256 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 257 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 258 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 259 TEST_DONE(); 260 261 TEST_START("DSA key hex fingerprint"); 262 buf = load_text_file("dsa_1.fp"); 263 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 264 ASSERT_PTR_NE(cp, NULL); 265 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 266 sshbuf_free(buf); 267 free(cp); 268 TEST_DONE(); 269 270 TEST_START("DSA cert hex fingerprint"); 271 buf = load_text_file("dsa_1-cert.fp"); 272 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 273 ASSERT_PTR_NE(cp, NULL); 274 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 275 sshbuf_free(buf); 276 free(cp); 277 sshkey_free(k2); 278 TEST_DONE(); 279 280 TEST_START("DSA key bubblebabble fingerprint"); 281 buf = load_text_file("dsa_1.fp.bb"); 282 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 283 ASSERT_PTR_NE(cp, NULL); 284 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 285 sshbuf_free(buf); 286 free(cp); 287 TEST_DONE(); 288 289 sshkey_free(k1); 290 291 #ifdef OPENSSL_HAS_ECC 292 TEST_START("parse ECDSA from private"); 293 buf = load_file("ecdsa_1"); 294 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ecdsa_1", 295 &k1, NULL), 0); 296 sshbuf_free(buf); 297 ASSERT_PTR_NE(k1, NULL); 298 buf = load_text_file("ecdsa_1.param.curve"); 299 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 300 OBJ_nid2sn(k1->ecdsa_nid)); 301 sshbuf_free(buf); 302 a = load_bignum("ecdsa_1.param.priv"); 303 b = load_bignum("ecdsa_1.param.pub"); 304 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 305 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 306 NULL, NULL); 307 ASSERT_PTR_NE(c, NULL); 308 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 309 ASSERT_BIGNUM_EQ(b, c); 310 BN_free(a); 311 BN_free(b); 312 BN_free(c); 313 TEST_DONE(); 314 315 TEST_START("parse ECDSA from private w/ passphrase"); 316 buf = load_file("ecdsa_1_pw"); 317 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 318 (const char *)sshbuf_ptr(pw), "ecdsa_1_pw", &k2, NULL), 0); 319 sshbuf_free(buf); 320 ASSERT_PTR_NE(k2, NULL); 321 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 322 sshkey_free(k2); 323 TEST_DONE(); 324 325 TEST_START("parse ECDSA from new-format"); 326 buf = load_file("ecdsa_n"); 327 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 328 "", "ecdsa_n", &k2, NULL), 0); 329 sshbuf_free(buf); 330 ASSERT_PTR_NE(k2, NULL); 331 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 332 sshkey_free(k2); 333 TEST_DONE(); 334 335 TEST_START("parse ECDSA from new-format w/ passphrase"); 336 buf = load_file("ecdsa_n_pw"); 337 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 338 (const char *)sshbuf_ptr(pw), "ecdsa_n_pw", &k2, NULL), 0); 339 sshbuf_free(buf); 340 ASSERT_PTR_NE(k2, NULL); 341 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 342 sshkey_free(k2); 343 TEST_DONE(); 344 345 TEST_START("load ECDSA from public"); 346 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 347 NULL), 0); 348 ASSERT_PTR_NE(k2, NULL); 349 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 350 sshkey_free(k2); 351 TEST_DONE(); 352 353 TEST_START("load ECDSA cert"); 354 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 355 ASSERT_PTR_NE(k2, NULL); 356 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 357 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 358 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 359 TEST_DONE(); 360 361 TEST_START("ECDSA key hex fingerprint"); 362 buf = load_text_file("ecdsa_1.fp"); 363 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 364 ASSERT_PTR_NE(cp, NULL); 365 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 366 sshbuf_free(buf); 367 free(cp); 368 TEST_DONE(); 369 370 TEST_START("ECDSA cert hex fingerprint"); 371 buf = load_text_file("ecdsa_1-cert.fp"); 372 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 373 ASSERT_PTR_NE(cp, NULL); 374 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 375 sshbuf_free(buf); 376 free(cp); 377 sshkey_free(k2); 378 TEST_DONE(); 379 380 TEST_START("ECDSA key bubblebabble fingerprint"); 381 buf = load_text_file("ecdsa_1.fp.bb"); 382 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 383 ASSERT_PTR_NE(cp, NULL); 384 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 385 sshbuf_free(buf); 386 free(cp); 387 TEST_DONE(); 388 389 sshkey_free(k1); 390 #endif /* OPENSSL_HAS_ECC */ 391 392 TEST_START("parse Ed25519 from private"); 393 buf = load_file("ed25519_1"); 394 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ed25519_1", 395 &k1, NULL), 0); 396 sshbuf_free(buf); 397 ASSERT_PTR_NE(k1, NULL); 398 ASSERT_INT_EQ(k1->type, KEY_ED25519); 399 /* XXX check key contents */ 400 TEST_DONE(); 401 402 TEST_START("parse Ed25519 from private w/ passphrase"); 403 buf = load_file("ed25519_1_pw"); 404 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 405 (const char *)sshbuf_ptr(pw), "ed25519_1_pw", &k2, NULL), 0); 406 sshbuf_free(buf); 407 ASSERT_PTR_NE(k2, NULL); 408 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 409 sshkey_free(k2); 410 TEST_DONE(); 411 412 TEST_START("load Ed25519 from public"); 413 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 414 NULL), 0); 415 ASSERT_PTR_NE(k2, NULL); 416 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 417 sshkey_free(k2); 418 TEST_DONE(); 419 420 TEST_START("load Ed25519 cert"); 421 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 422 ASSERT_PTR_NE(k2, NULL); 423 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 424 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 425 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 426 TEST_DONE(); 427 428 TEST_START("Ed25519 key hex fingerprint"); 429 buf = load_text_file("ed25519_1.fp"); 430 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 431 ASSERT_PTR_NE(cp, NULL); 432 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 433 sshbuf_free(buf); 434 free(cp); 435 TEST_DONE(); 436 437 TEST_START("Ed25519 cert hex fingerprint"); 438 buf = load_text_file("ed25519_1-cert.fp"); 439 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 440 ASSERT_PTR_NE(cp, NULL); 441 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 442 sshbuf_free(buf); 443 free(cp); 444 sshkey_free(k2); 445 TEST_DONE(); 446 447 TEST_START("Ed25519 key bubblebabble fingerprint"); 448 buf = load_text_file("ed25519_1.fp.bb"); 449 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 450 ASSERT_PTR_NE(cp, NULL); 451 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 452 sshbuf_free(buf); 453 free(cp); 454 TEST_DONE(); 455 456 sshkey_free(k1); 457 458 sshbuf_free(pw); 459 460 } 461