1 /* $OpenBSD: test_file.c,v 1.6 2017/04/30 23:33:48 djm Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include "includes.h" 9 10 #include <sys/types.h> 11 #include <sys/param.h> 12 #include <sys/stat.h> 13 #include <fcntl.h> 14 #include <stdio.h> 15 #ifdef HAVE_STDINT_H 16 #include <stdint.h> 17 #endif 18 #include <stdlib.h> 19 #include <string.h> 20 #include <unistd.h> 21 22 #include <openssl/bn.h> 23 #include <openssl/rsa.h> 24 #include <openssl/dsa.h> 25 #include <openssl/objects.h> 26 #ifdef OPENSSL_HAS_NISTP256 27 # include <openssl/ec.h> 28 #endif 29 30 #include "../test_helper/test_helper.h" 31 32 #include "ssherr.h" 33 #include "authfile.h" 34 #include "sshkey.h" 35 #include "sshbuf.h" 36 #include "digest.h" 37 38 #include "common.h" 39 40 void sshkey_file_tests(void); 41 42 void 43 sshkey_file_tests(void) 44 { 45 struct sshkey *k1, *k2; 46 struct sshbuf *buf, *pw; 47 BIGNUM *a, *b, *c; 48 char *cp; 49 50 TEST_START("load passphrase"); 51 pw = load_text_file("pw"); 52 TEST_DONE(); 53 54 55 TEST_START("parse RSA from private"); 56 buf = load_file("rsa_1"); 57 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 58 sshbuf_free(buf); 59 ASSERT_PTR_NE(k1, NULL); 60 a = load_bignum("rsa_1.param.n"); 61 b = load_bignum("rsa_1.param.p"); 62 c = load_bignum("rsa_1.param.q"); 63 ASSERT_BIGNUM_EQ(k1->rsa->n, a); 64 ASSERT_BIGNUM_EQ(k1->rsa->p, b); 65 ASSERT_BIGNUM_EQ(k1->rsa->q, c); 66 BN_free(a); 67 BN_free(b); 68 BN_free(c); 69 TEST_DONE(); 70 71 TEST_START("parse RSA from private w/ passphrase"); 72 buf = load_file("rsa_1_pw"); 73 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 74 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 75 sshbuf_free(buf); 76 ASSERT_PTR_NE(k2, NULL); 77 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 78 sshkey_free(k2); 79 TEST_DONE(); 80 81 TEST_START("parse RSA from new-format"); 82 buf = load_file("rsa_n"); 83 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 84 sshbuf_free(buf); 85 ASSERT_PTR_NE(k2, NULL); 86 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 87 sshkey_free(k2); 88 TEST_DONE(); 89 90 TEST_START("parse RSA from new-format w/ passphrase"); 91 buf = load_file("rsa_n_pw"); 92 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 93 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 94 sshbuf_free(buf); 95 ASSERT_PTR_NE(k2, NULL); 96 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 97 sshkey_free(k2); 98 TEST_DONE(); 99 100 TEST_START("load RSA from public"); 101 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 102 NULL), 0); 103 ASSERT_PTR_NE(k2, NULL); 104 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 105 sshkey_free(k2); 106 TEST_DONE(); 107 108 TEST_START("load RSA cert"); 109 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 110 ASSERT_PTR_NE(k2, NULL); 111 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 112 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 113 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 114 TEST_DONE(); 115 116 TEST_START("RSA key hex fingerprint"); 117 buf = load_text_file("rsa_1.fp"); 118 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 119 ASSERT_PTR_NE(cp, NULL); 120 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 121 sshbuf_free(buf); 122 free(cp); 123 TEST_DONE(); 124 125 TEST_START("RSA cert hex fingerprint"); 126 buf = load_text_file("rsa_1-cert.fp"); 127 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 128 ASSERT_PTR_NE(cp, NULL); 129 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 130 sshbuf_free(buf); 131 free(cp); 132 sshkey_free(k2); 133 TEST_DONE(); 134 135 TEST_START("RSA key bubblebabble fingerprint"); 136 buf = load_text_file("rsa_1.fp.bb"); 137 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 138 ASSERT_PTR_NE(cp, NULL); 139 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 140 sshbuf_free(buf); 141 free(cp); 142 TEST_DONE(); 143 144 sshkey_free(k1); 145 146 TEST_START("parse DSA from private"); 147 buf = load_file("dsa_1"); 148 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 149 sshbuf_free(buf); 150 ASSERT_PTR_NE(k1, NULL); 151 a = load_bignum("dsa_1.param.g"); 152 b = load_bignum("dsa_1.param.priv"); 153 c = load_bignum("dsa_1.param.pub"); 154 ASSERT_BIGNUM_EQ(k1->dsa->g, a); 155 ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); 156 ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); 157 BN_free(a); 158 BN_free(b); 159 BN_free(c); 160 TEST_DONE(); 161 162 TEST_START("parse DSA from private w/ passphrase"); 163 buf = load_file("dsa_1_pw"); 164 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 165 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 166 sshbuf_free(buf); 167 ASSERT_PTR_NE(k2, NULL); 168 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 169 sshkey_free(k2); 170 TEST_DONE(); 171 172 TEST_START("parse DSA from new-format"); 173 buf = load_file("dsa_n"); 174 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 175 sshbuf_free(buf); 176 ASSERT_PTR_NE(k2, NULL); 177 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 178 sshkey_free(k2); 179 TEST_DONE(); 180 181 TEST_START("parse DSA from new-format w/ passphrase"); 182 buf = load_file("dsa_n_pw"); 183 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 184 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 185 sshbuf_free(buf); 186 ASSERT_PTR_NE(k2, NULL); 187 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 188 sshkey_free(k2); 189 TEST_DONE(); 190 191 TEST_START("load DSA from public"); 192 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 193 NULL), 0); 194 ASSERT_PTR_NE(k2, NULL); 195 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 196 sshkey_free(k2); 197 TEST_DONE(); 198 199 TEST_START("load DSA cert"); 200 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 201 ASSERT_PTR_NE(k2, NULL); 202 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 203 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 204 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 205 TEST_DONE(); 206 207 TEST_START("DSA key hex fingerprint"); 208 buf = load_text_file("dsa_1.fp"); 209 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 210 ASSERT_PTR_NE(cp, NULL); 211 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 212 sshbuf_free(buf); 213 free(cp); 214 TEST_DONE(); 215 216 TEST_START("DSA cert hex fingerprint"); 217 buf = load_text_file("dsa_1-cert.fp"); 218 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 219 ASSERT_PTR_NE(cp, NULL); 220 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 221 sshbuf_free(buf); 222 free(cp); 223 sshkey_free(k2); 224 TEST_DONE(); 225 226 TEST_START("DSA key bubblebabble fingerprint"); 227 buf = load_text_file("dsa_1.fp.bb"); 228 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 229 ASSERT_PTR_NE(cp, NULL); 230 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 231 sshbuf_free(buf); 232 free(cp); 233 TEST_DONE(); 234 235 sshkey_free(k1); 236 237 #ifdef OPENSSL_HAS_ECC 238 TEST_START("parse ECDSA from private"); 239 buf = load_file("ecdsa_1"); 240 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 241 sshbuf_free(buf); 242 ASSERT_PTR_NE(k1, NULL); 243 buf = load_text_file("ecdsa_1.param.curve"); 244 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 245 OBJ_nid2sn(k1->ecdsa_nid)); 246 sshbuf_free(buf); 247 a = load_bignum("ecdsa_1.param.priv"); 248 b = load_bignum("ecdsa_1.param.pub"); 249 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 250 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 251 NULL, NULL); 252 ASSERT_PTR_NE(c, NULL); 253 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 254 ASSERT_BIGNUM_EQ(b, c); 255 BN_free(a); 256 BN_free(b); 257 BN_free(c); 258 TEST_DONE(); 259 260 TEST_START("parse ECDSA from private w/ passphrase"); 261 buf = load_file("ecdsa_1_pw"); 262 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 263 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 264 sshbuf_free(buf); 265 ASSERT_PTR_NE(k2, NULL); 266 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 267 sshkey_free(k2); 268 TEST_DONE(); 269 270 TEST_START("parse ECDSA from new-format"); 271 buf = load_file("ecdsa_n"); 272 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 273 sshbuf_free(buf); 274 ASSERT_PTR_NE(k2, NULL); 275 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 276 sshkey_free(k2); 277 TEST_DONE(); 278 279 TEST_START("parse ECDSA from new-format w/ passphrase"); 280 buf = load_file("ecdsa_n_pw"); 281 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 282 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 283 sshbuf_free(buf); 284 ASSERT_PTR_NE(k2, NULL); 285 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 286 sshkey_free(k2); 287 TEST_DONE(); 288 289 TEST_START("load ECDSA from public"); 290 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 291 NULL), 0); 292 ASSERT_PTR_NE(k2, NULL); 293 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 294 sshkey_free(k2); 295 TEST_DONE(); 296 297 TEST_START("load ECDSA cert"); 298 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 299 ASSERT_PTR_NE(k2, NULL); 300 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 301 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 302 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 303 TEST_DONE(); 304 305 TEST_START("ECDSA key hex fingerprint"); 306 buf = load_text_file("ecdsa_1.fp"); 307 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 308 ASSERT_PTR_NE(cp, NULL); 309 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 310 sshbuf_free(buf); 311 free(cp); 312 TEST_DONE(); 313 314 TEST_START("ECDSA cert hex fingerprint"); 315 buf = load_text_file("ecdsa_1-cert.fp"); 316 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 317 ASSERT_PTR_NE(cp, NULL); 318 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 319 sshbuf_free(buf); 320 free(cp); 321 sshkey_free(k2); 322 TEST_DONE(); 323 324 TEST_START("ECDSA key bubblebabble fingerprint"); 325 buf = load_text_file("ecdsa_1.fp.bb"); 326 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 327 ASSERT_PTR_NE(cp, NULL); 328 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 329 sshbuf_free(buf); 330 free(cp); 331 TEST_DONE(); 332 333 sshkey_free(k1); 334 #endif /* OPENSSL_HAS_ECC */ 335 336 TEST_START("parse Ed25519 from private"); 337 buf = load_file("ed25519_1"); 338 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 339 sshbuf_free(buf); 340 ASSERT_PTR_NE(k1, NULL); 341 ASSERT_INT_EQ(k1->type, KEY_ED25519); 342 /* XXX check key contents */ 343 TEST_DONE(); 344 345 TEST_START("parse Ed25519 from private w/ passphrase"); 346 buf = load_file("ed25519_1_pw"); 347 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 348 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 349 sshbuf_free(buf); 350 ASSERT_PTR_NE(k2, NULL); 351 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 352 sshkey_free(k2); 353 TEST_DONE(); 354 355 TEST_START("load Ed25519 from public"); 356 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 357 NULL), 0); 358 ASSERT_PTR_NE(k2, NULL); 359 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 360 sshkey_free(k2); 361 TEST_DONE(); 362 363 TEST_START("load Ed25519 cert"); 364 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 365 ASSERT_PTR_NE(k2, NULL); 366 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 367 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 368 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 369 TEST_DONE(); 370 371 TEST_START("Ed25519 key hex fingerprint"); 372 buf = load_text_file("ed25519_1.fp"); 373 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 374 ASSERT_PTR_NE(cp, NULL); 375 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 376 sshbuf_free(buf); 377 free(cp); 378 TEST_DONE(); 379 380 TEST_START("Ed25519 cert hex fingerprint"); 381 buf = load_text_file("ed25519_1-cert.fp"); 382 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 383 ASSERT_PTR_NE(cp, NULL); 384 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 385 sshbuf_free(buf); 386 free(cp); 387 sshkey_free(k2); 388 TEST_DONE(); 389 390 TEST_START("Ed25519 key bubblebabble fingerprint"); 391 buf = load_text_file("ed25519_1.fp.bb"); 392 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 393 ASSERT_PTR_NE(cp, NULL); 394 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 395 sshbuf_free(buf); 396 free(cp); 397 TEST_DONE(); 398 399 sshkey_free(k1); 400 401 sshbuf_free(pw); 402 403 } 404