1 /* $OpenBSD: test_file.c,v 1.8 2018/09/13 09:03:20 djm Exp $ */ 2 /* 3 * Regress test for sshkey.h key management API 4 * 5 * Placed in the public domain 6 */ 7 8 #include "includes.h" 9 10 #include <sys/types.h> 11 #include <sys/param.h> 12 #include <sys/stat.h> 13 #include <fcntl.h> 14 #include <stdio.h> 15 #ifdef HAVE_STDINT_H 16 #include <stdint.h> 17 #endif 18 #include <stdlib.h> 19 #include <string.h> 20 #include <unistd.h> 21 22 #include <openssl/bn.h> 23 #include <openssl/rsa.h> 24 #include <openssl/dsa.h> 25 #include <openssl/objects.h> 26 #ifdef OPENSSL_HAS_NISTP256 27 # include <openssl/ec.h> 28 #endif 29 30 #include "../test_helper/test_helper.h" 31 32 #include "ssherr.h" 33 #include "authfile.h" 34 #include "sshkey.h" 35 #include "sshbuf.h" 36 #include "digest.h" 37 38 #include "common.h" 39 40 void sshkey_file_tests(void); 41 42 void 43 sshkey_file_tests(void) 44 { 45 struct sshkey *k1, *k2; 46 struct sshbuf *buf, *pw; 47 BIGNUM *a, *b, *c; 48 char *cp; 49 50 TEST_START("load passphrase"); 51 pw = load_text_file("pw"); 52 TEST_DONE(); 53 54 55 TEST_START("parse RSA from private"); 56 buf = load_file("rsa_1"); 57 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 58 sshbuf_free(buf); 59 ASSERT_PTR_NE(k1, NULL); 60 a = load_bignum("rsa_1.param.n"); 61 b = load_bignum("rsa_1.param.p"); 62 c = load_bignum("rsa_1.param.q"); 63 ASSERT_BIGNUM_EQ(rsa_n(k1), a); 64 ASSERT_BIGNUM_EQ(rsa_p(k1), b); 65 ASSERT_BIGNUM_EQ(rsa_q(k1), c); 66 BN_free(a); 67 BN_free(b); 68 BN_free(c); 69 TEST_DONE(); 70 71 TEST_START("parse RSA from private w/ passphrase"); 72 buf = load_file("rsa_1_pw"); 73 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 74 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 75 sshbuf_free(buf); 76 ASSERT_PTR_NE(k2, NULL); 77 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 78 sshkey_free(k2); 79 TEST_DONE(); 80 81 TEST_START("parse RSA from new-format"); 82 buf = load_file("rsa_n"); 83 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 84 sshbuf_free(buf); 85 ASSERT_PTR_NE(k2, NULL); 86 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 87 sshkey_free(k2); 88 TEST_DONE(); 89 90 TEST_START("parse RSA from new-format w/ passphrase"); 91 buf = load_file("rsa_n_pw"); 92 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 93 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 94 sshbuf_free(buf); 95 ASSERT_PTR_NE(k2, NULL); 96 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 97 sshkey_free(k2); 98 TEST_DONE(); 99 100 TEST_START("load RSA from public"); 101 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, 102 NULL), 0); 103 ASSERT_PTR_NE(k2, NULL); 104 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 105 sshkey_free(k2); 106 TEST_DONE(); 107 108 TEST_START("load RSA cert with SHA1 signature"); 109 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0); 110 ASSERT_PTR_NE(k2, NULL); 111 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 112 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 113 ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa"); 114 sshkey_free(k2); 115 TEST_DONE(); 116 117 TEST_START("load RSA cert with SHA512 signature"); 118 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0); 119 ASSERT_PTR_NE(k2, NULL); 120 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 121 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 122 ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512"); 123 sshkey_free(k2); 124 TEST_DONE(); 125 126 TEST_START("load RSA cert"); 127 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0); 128 ASSERT_PTR_NE(k2, NULL); 129 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT); 130 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 131 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 132 TEST_DONE(); 133 134 TEST_START("RSA key hex fingerprint"); 135 buf = load_text_file("rsa_1.fp"); 136 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 137 ASSERT_PTR_NE(cp, NULL); 138 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 139 sshbuf_free(buf); 140 free(cp); 141 TEST_DONE(); 142 143 TEST_START("RSA cert hex fingerprint"); 144 buf = load_text_file("rsa_1-cert.fp"); 145 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 146 ASSERT_PTR_NE(cp, NULL); 147 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 148 sshbuf_free(buf); 149 free(cp); 150 sshkey_free(k2); 151 TEST_DONE(); 152 153 TEST_START("RSA key bubblebabble fingerprint"); 154 buf = load_text_file("rsa_1.fp.bb"); 155 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 156 ASSERT_PTR_NE(cp, NULL); 157 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 158 sshbuf_free(buf); 159 free(cp); 160 TEST_DONE(); 161 162 sshkey_free(k1); 163 164 TEST_START("parse DSA from private"); 165 buf = load_file("dsa_1"); 166 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 167 sshbuf_free(buf); 168 ASSERT_PTR_NE(k1, NULL); 169 a = load_bignum("dsa_1.param.g"); 170 b = load_bignum("dsa_1.param.priv"); 171 c = load_bignum("dsa_1.param.pub"); 172 ASSERT_BIGNUM_EQ(dsa_g(k1), a); 173 ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b); 174 ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c); 175 BN_free(a); 176 BN_free(b); 177 BN_free(c); 178 TEST_DONE(); 179 180 TEST_START("parse DSA from private w/ passphrase"); 181 buf = load_file("dsa_1_pw"); 182 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 183 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 184 sshbuf_free(buf); 185 ASSERT_PTR_NE(k2, NULL); 186 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 187 sshkey_free(k2); 188 TEST_DONE(); 189 190 TEST_START("parse DSA from new-format"); 191 buf = load_file("dsa_n"); 192 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 193 sshbuf_free(buf); 194 ASSERT_PTR_NE(k2, NULL); 195 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 196 sshkey_free(k2); 197 TEST_DONE(); 198 199 TEST_START("parse DSA from new-format w/ passphrase"); 200 buf = load_file("dsa_n_pw"); 201 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 202 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 203 sshbuf_free(buf); 204 ASSERT_PTR_NE(k2, NULL); 205 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 206 sshkey_free(k2); 207 TEST_DONE(); 208 209 TEST_START("load DSA from public"); 210 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, 211 NULL), 0); 212 ASSERT_PTR_NE(k2, NULL); 213 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 214 sshkey_free(k2); 215 TEST_DONE(); 216 217 TEST_START("load DSA cert"); 218 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0); 219 ASSERT_PTR_NE(k2, NULL); 220 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT); 221 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 222 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 223 TEST_DONE(); 224 225 TEST_START("DSA key hex fingerprint"); 226 buf = load_text_file("dsa_1.fp"); 227 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 228 ASSERT_PTR_NE(cp, NULL); 229 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 230 sshbuf_free(buf); 231 free(cp); 232 TEST_DONE(); 233 234 TEST_START("DSA cert hex fingerprint"); 235 buf = load_text_file("dsa_1-cert.fp"); 236 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 237 ASSERT_PTR_NE(cp, NULL); 238 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 239 sshbuf_free(buf); 240 free(cp); 241 sshkey_free(k2); 242 TEST_DONE(); 243 244 TEST_START("DSA key bubblebabble fingerprint"); 245 buf = load_text_file("dsa_1.fp.bb"); 246 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 247 ASSERT_PTR_NE(cp, NULL); 248 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 249 sshbuf_free(buf); 250 free(cp); 251 TEST_DONE(); 252 253 sshkey_free(k1); 254 255 #ifdef OPENSSL_HAS_ECC 256 TEST_START("parse ECDSA from private"); 257 buf = load_file("ecdsa_1"); 258 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 259 sshbuf_free(buf); 260 ASSERT_PTR_NE(k1, NULL); 261 buf = load_text_file("ecdsa_1.param.curve"); 262 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf), 263 OBJ_nid2sn(k1->ecdsa_nid)); 264 sshbuf_free(buf); 265 a = load_bignum("ecdsa_1.param.priv"); 266 b = load_bignum("ecdsa_1.param.pub"); 267 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa), 268 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED, 269 NULL, NULL); 270 ASSERT_PTR_NE(c, NULL); 271 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a); 272 ASSERT_BIGNUM_EQ(b, c); 273 BN_free(a); 274 BN_free(b); 275 BN_free(c); 276 TEST_DONE(); 277 278 TEST_START("parse ECDSA from private w/ passphrase"); 279 buf = load_file("ecdsa_1_pw"); 280 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 281 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 282 sshbuf_free(buf); 283 ASSERT_PTR_NE(k2, NULL); 284 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 285 sshkey_free(k2); 286 TEST_DONE(); 287 288 TEST_START("parse ECDSA from new-format"); 289 buf = load_file("ecdsa_n"); 290 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); 291 sshbuf_free(buf); 292 ASSERT_PTR_NE(k2, NULL); 293 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 294 sshkey_free(k2); 295 TEST_DONE(); 296 297 TEST_START("parse ECDSA from new-format w/ passphrase"); 298 buf = load_file("ecdsa_n_pw"); 299 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 300 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 301 sshbuf_free(buf); 302 ASSERT_PTR_NE(k2, NULL); 303 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 304 sshkey_free(k2); 305 TEST_DONE(); 306 307 TEST_START("load ECDSA from public"); 308 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, 309 NULL), 0); 310 ASSERT_PTR_NE(k2, NULL); 311 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 312 sshkey_free(k2); 313 TEST_DONE(); 314 315 TEST_START("load ECDSA cert"); 316 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0); 317 ASSERT_PTR_NE(k2, NULL); 318 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT); 319 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 320 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 321 TEST_DONE(); 322 323 TEST_START("ECDSA key hex fingerprint"); 324 buf = load_text_file("ecdsa_1.fp"); 325 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 326 ASSERT_PTR_NE(cp, NULL); 327 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 328 sshbuf_free(buf); 329 free(cp); 330 TEST_DONE(); 331 332 TEST_START("ECDSA cert hex fingerprint"); 333 buf = load_text_file("ecdsa_1-cert.fp"); 334 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 335 ASSERT_PTR_NE(cp, NULL); 336 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 337 sshbuf_free(buf); 338 free(cp); 339 sshkey_free(k2); 340 TEST_DONE(); 341 342 TEST_START("ECDSA key bubblebabble fingerprint"); 343 buf = load_text_file("ecdsa_1.fp.bb"); 344 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 345 ASSERT_PTR_NE(cp, NULL); 346 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 347 sshbuf_free(buf); 348 free(cp); 349 TEST_DONE(); 350 351 sshkey_free(k1); 352 #endif /* OPENSSL_HAS_ECC */ 353 354 TEST_START("parse Ed25519 from private"); 355 buf = load_file("ed25519_1"); 356 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); 357 sshbuf_free(buf); 358 ASSERT_PTR_NE(k1, NULL); 359 ASSERT_INT_EQ(k1->type, KEY_ED25519); 360 /* XXX check key contents */ 361 TEST_DONE(); 362 363 TEST_START("parse Ed25519 from private w/ passphrase"); 364 buf = load_file("ed25519_1_pw"); 365 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, 366 (const char *)sshbuf_ptr(pw), &k2, NULL), 0); 367 sshbuf_free(buf); 368 ASSERT_PTR_NE(k2, NULL); 369 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 370 sshkey_free(k2); 371 TEST_DONE(); 372 373 TEST_START("load Ed25519 from public"); 374 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2, 375 NULL), 0); 376 ASSERT_PTR_NE(k2, NULL); 377 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); 378 sshkey_free(k2); 379 TEST_DONE(); 380 381 TEST_START("load Ed25519 cert"); 382 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0); 383 ASSERT_PTR_NE(k2, NULL); 384 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT); 385 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0); 386 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1); 387 TEST_DONE(); 388 389 TEST_START("Ed25519 key hex fingerprint"); 390 buf = load_text_file("ed25519_1.fp"); 391 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64); 392 ASSERT_PTR_NE(cp, NULL); 393 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 394 sshbuf_free(buf); 395 free(cp); 396 TEST_DONE(); 397 398 TEST_START("Ed25519 cert hex fingerprint"); 399 buf = load_text_file("ed25519_1-cert.fp"); 400 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64); 401 ASSERT_PTR_NE(cp, NULL); 402 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 403 sshbuf_free(buf); 404 free(cp); 405 sshkey_free(k2); 406 TEST_DONE(); 407 408 TEST_START("Ed25519 key bubblebabble fingerprint"); 409 buf = load_text_file("ed25519_1.fp.bb"); 410 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE); 411 ASSERT_PTR_NE(cp, NULL); 412 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf)); 413 sshbuf_free(buf); 414 free(cp); 415 TEST_DONE(); 416 417 sshkey_free(k1); 418 419 sshbuf_free(pw); 420 421 } 422