1 /* $OpenBSD: test_file.c,v 1.5 2015/10/06 01:20:59 djm Exp $ */
2 /*
3 * Regress test for sshkey.h key management API
4 *
5 * Placed in the public domain
6 */
7
8 #include "includes.h"
9
10 #include <sys/types.h>
11 #include <sys/param.h>
12 #include <sys/stat.h>
13 #include <fcntl.h>
14 #include <stdio.h>
15 #ifdef HAVE_STDINT_H
16 #include <stdint.h>
17 #endif
18 #include <stdlib.h>
19 #include <string.h>
20 #include <unistd.h>
21
22 #include <openssl/bn.h>
23 #include <openssl/rsa.h>
24 #include <openssl/dsa.h>
25 #include <openssl/objects.h>
26 #ifdef OPENSSL_HAS_NISTP256
27 # include <openssl/ec.h>
28 #endif
29
30 #include "../test_helper/test_helper.h"
31
32 #include "ssherr.h"
33 #include "authfile.h"
34 #include "sshkey.h"
35 #include "sshbuf.h"
36 #include "digest.h"
37
38 #include "common.h"
39
40 void sshkey_file_tests(void);
41
42 void
sshkey_file_tests(void)43 sshkey_file_tests(void)
44 {
45 struct sshkey *k1, *k2;
46 struct sshbuf *buf, *pw;
47 BIGNUM *a, *b, *c;
48 char *cp;
49
50 TEST_START("load passphrase");
51 pw = load_text_file("pw");
52 TEST_DONE();
53
54 #ifdef WITH_SSH1
55 TEST_START("parse RSA1 from private");
56 buf = load_file("rsa1_1");
57 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
58 sshbuf_free(buf);
59 ASSERT_PTR_NE(k1, NULL);
60 a = load_bignum("rsa1_1.param.n");
61 ASSERT_BIGNUM_EQ(k1->rsa->n, a);
62 BN_free(a);
63 TEST_DONE();
64
65 TEST_START("parse RSA1 from private w/ passphrase");
66 buf = load_file("rsa1_1_pw");
67 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
68 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
69 sshbuf_free(buf);
70 ASSERT_PTR_NE(k2, NULL);
71 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
72 sshkey_free(k2);
73 TEST_DONE();
74
75 TEST_START("load RSA1 from public");
76 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2,
77 NULL), 0);
78 ASSERT_PTR_NE(k2, NULL);
79 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
80 sshkey_free(k2);
81 TEST_DONE();
82
83 TEST_START("RSA1 key hex fingerprint");
84 buf = load_text_file("rsa1_1.fp");
85 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
86 ASSERT_PTR_NE(cp, NULL);
87 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
88 sshbuf_free(buf);
89 free(cp);
90 TEST_DONE();
91
92 TEST_START("RSA1 key bubblebabble fingerprint");
93 buf = load_text_file("rsa1_1.fp.bb");
94 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
95 ASSERT_PTR_NE(cp, NULL);
96 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
97 sshbuf_free(buf);
98 free(cp);
99 TEST_DONE();
100
101 sshkey_free(k1);
102 #endif
103
104 TEST_START("parse RSA from private");
105 buf = load_file("rsa_1");
106 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
107 sshbuf_free(buf);
108 ASSERT_PTR_NE(k1, NULL);
109 a = load_bignum("rsa_1.param.n");
110 b = load_bignum("rsa_1.param.p");
111 c = load_bignum("rsa_1.param.q");
112 ASSERT_BIGNUM_EQ(k1->rsa->n, a);
113 ASSERT_BIGNUM_EQ(k1->rsa->p, b);
114 ASSERT_BIGNUM_EQ(k1->rsa->q, c);
115 BN_free(a);
116 BN_free(b);
117 BN_free(c);
118 TEST_DONE();
119
120 TEST_START("parse RSA from private w/ passphrase");
121 buf = load_file("rsa_1_pw");
122 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
123 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
124 sshbuf_free(buf);
125 ASSERT_PTR_NE(k2, NULL);
126 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
127 sshkey_free(k2);
128 TEST_DONE();
129
130 TEST_START("parse RSA from new-format");
131 buf = load_file("rsa_n");
132 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
133 sshbuf_free(buf);
134 ASSERT_PTR_NE(k2, NULL);
135 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
136 sshkey_free(k2);
137 TEST_DONE();
138
139 TEST_START("parse RSA from new-format w/ passphrase");
140 buf = load_file("rsa_n_pw");
141 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
142 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
143 sshbuf_free(buf);
144 ASSERT_PTR_NE(k2, NULL);
145 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
146 sshkey_free(k2);
147 TEST_DONE();
148
149 TEST_START("load RSA from public");
150 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
151 NULL), 0);
152 ASSERT_PTR_NE(k2, NULL);
153 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
154 sshkey_free(k2);
155 TEST_DONE();
156
157 TEST_START("load RSA cert");
158 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0);
159 ASSERT_PTR_NE(k2, NULL);
160 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
161 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
162 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
163 TEST_DONE();
164
165 TEST_START("RSA key hex fingerprint");
166 buf = load_text_file("rsa_1.fp");
167 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
168 ASSERT_PTR_NE(cp, NULL);
169 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
170 sshbuf_free(buf);
171 free(cp);
172 TEST_DONE();
173
174 TEST_START("RSA cert hex fingerprint");
175 buf = load_text_file("rsa_1-cert.fp");
176 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
177 ASSERT_PTR_NE(cp, NULL);
178 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
179 sshbuf_free(buf);
180 free(cp);
181 sshkey_free(k2);
182 TEST_DONE();
183
184 TEST_START("RSA key bubblebabble fingerprint");
185 buf = load_text_file("rsa_1.fp.bb");
186 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
187 ASSERT_PTR_NE(cp, NULL);
188 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
189 sshbuf_free(buf);
190 free(cp);
191 TEST_DONE();
192
193 sshkey_free(k1);
194
195 TEST_START("parse DSA from private");
196 buf = load_file("dsa_1");
197 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
198 sshbuf_free(buf);
199 ASSERT_PTR_NE(k1, NULL);
200 a = load_bignum("dsa_1.param.g");
201 b = load_bignum("dsa_1.param.priv");
202 c = load_bignum("dsa_1.param.pub");
203 ASSERT_BIGNUM_EQ(k1->dsa->g, a);
204 ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b);
205 ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c);
206 BN_free(a);
207 BN_free(b);
208 BN_free(c);
209 TEST_DONE();
210
211 TEST_START("parse DSA from private w/ passphrase");
212 buf = load_file("dsa_1_pw");
213 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
214 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
215 sshbuf_free(buf);
216 ASSERT_PTR_NE(k2, NULL);
217 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
218 sshkey_free(k2);
219 TEST_DONE();
220
221 TEST_START("parse DSA from new-format");
222 buf = load_file("dsa_n");
223 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
224 sshbuf_free(buf);
225 ASSERT_PTR_NE(k2, NULL);
226 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
227 sshkey_free(k2);
228 TEST_DONE();
229
230 TEST_START("parse DSA from new-format w/ passphrase");
231 buf = load_file("dsa_n_pw");
232 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
233 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
234 sshbuf_free(buf);
235 ASSERT_PTR_NE(k2, NULL);
236 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
237 sshkey_free(k2);
238 TEST_DONE();
239
240 TEST_START("load DSA from public");
241 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
242 NULL), 0);
243 ASSERT_PTR_NE(k2, NULL);
244 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
245 sshkey_free(k2);
246 TEST_DONE();
247
248 TEST_START("load DSA cert");
249 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0);
250 ASSERT_PTR_NE(k2, NULL);
251 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT);
252 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
253 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
254 TEST_DONE();
255
256 TEST_START("DSA key hex fingerprint");
257 buf = load_text_file("dsa_1.fp");
258 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
259 ASSERT_PTR_NE(cp, NULL);
260 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
261 sshbuf_free(buf);
262 free(cp);
263 TEST_DONE();
264
265 TEST_START("DSA cert hex fingerprint");
266 buf = load_text_file("dsa_1-cert.fp");
267 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
268 ASSERT_PTR_NE(cp, NULL);
269 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
270 sshbuf_free(buf);
271 free(cp);
272 sshkey_free(k2);
273 TEST_DONE();
274
275 TEST_START("DSA key bubblebabble fingerprint");
276 buf = load_text_file("dsa_1.fp.bb");
277 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
278 ASSERT_PTR_NE(cp, NULL);
279 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
280 sshbuf_free(buf);
281 free(cp);
282 TEST_DONE();
283
284 sshkey_free(k1);
285
286 #ifdef OPENSSL_HAS_ECC
287 TEST_START("parse ECDSA from private");
288 buf = load_file("ecdsa_1");
289 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
290 sshbuf_free(buf);
291 ASSERT_PTR_NE(k1, NULL);
292 buf = load_text_file("ecdsa_1.param.curve");
293 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf),
294 OBJ_nid2sn(k1->ecdsa_nid));
295 sshbuf_free(buf);
296 a = load_bignum("ecdsa_1.param.priv");
297 b = load_bignum("ecdsa_1.param.pub");
298 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa),
299 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED,
300 NULL, NULL);
301 ASSERT_PTR_NE(c, NULL);
302 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a);
303 ASSERT_BIGNUM_EQ(b, c);
304 BN_free(a);
305 BN_free(b);
306 BN_free(c);
307 TEST_DONE();
308
309 TEST_START("parse ECDSA from private w/ passphrase");
310 buf = load_file("ecdsa_1_pw");
311 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
312 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
313 sshbuf_free(buf);
314 ASSERT_PTR_NE(k2, NULL);
315 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
316 sshkey_free(k2);
317 TEST_DONE();
318
319 TEST_START("parse ECDSA from new-format");
320 buf = load_file("ecdsa_n");
321 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
322 sshbuf_free(buf);
323 ASSERT_PTR_NE(k2, NULL);
324 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
325 sshkey_free(k2);
326 TEST_DONE();
327
328 TEST_START("parse ECDSA from new-format w/ passphrase");
329 buf = load_file("ecdsa_n_pw");
330 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
331 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
332 sshbuf_free(buf);
333 ASSERT_PTR_NE(k2, NULL);
334 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
335 sshkey_free(k2);
336 TEST_DONE();
337
338 TEST_START("load ECDSA from public");
339 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,
340 NULL), 0);
341 ASSERT_PTR_NE(k2, NULL);
342 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
343 sshkey_free(k2);
344 TEST_DONE();
345
346 TEST_START("load ECDSA cert");
347 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0);
348 ASSERT_PTR_NE(k2, NULL);
349 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT);
350 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
351 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
352 TEST_DONE();
353
354 TEST_START("ECDSA key hex fingerprint");
355 buf = load_text_file("ecdsa_1.fp");
356 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
357 ASSERT_PTR_NE(cp, NULL);
358 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
359 sshbuf_free(buf);
360 free(cp);
361 TEST_DONE();
362
363 TEST_START("ECDSA cert hex fingerprint");
364 buf = load_text_file("ecdsa_1-cert.fp");
365 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
366 ASSERT_PTR_NE(cp, NULL);
367 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
368 sshbuf_free(buf);
369 free(cp);
370 sshkey_free(k2);
371 TEST_DONE();
372
373 TEST_START("ECDSA key bubblebabble fingerprint");
374 buf = load_text_file("ecdsa_1.fp.bb");
375 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
376 ASSERT_PTR_NE(cp, NULL);
377 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
378 sshbuf_free(buf);
379 free(cp);
380 TEST_DONE();
381
382 sshkey_free(k1);
383 #endif /* OPENSSL_HAS_ECC */
384
385 TEST_START("parse Ed25519 from private");
386 buf = load_file("ed25519_1");
387 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
388 sshbuf_free(buf);
389 ASSERT_PTR_NE(k1, NULL);
390 ASSERT_INT_EQ(k1->type, KEY_ED25519);
391 /* XXX check key contents */
392 TEST_DONE();
393
394 TEST_START("parse Ed25519 from private w/ passphrase");
395 buf = load_file("ed25519_1_pw");
396 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
397 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
398 sshbuf_free(buf);
399 ASSERT_PTR_NE(k2, NULL);
400 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
401 sshkey_free(k2);
402 TEST_DONE();
403
404 TEST_START("load Ed25519 from public");
405 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
406 NULL), 0);
407 ASSERT_PTR_NE(k2, NULL);
408 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
409 sshkey_free(k2);
410 TEST_DONE();
411
412 TEST_START("load Ed25519 cert");
413 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0);
414 ASSERT_PTR_NE(k2, NULL);
415 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT);
416 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
417 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
418 TEST_DONE();
419
420 TEST_START("Ed25519 key hex fingerprint");
421 buf = load_text_file("ed25519_1.fp");
422 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
423 ASSERT_PTR_NE(cp, NULL);
424 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
425 sshbuf_free(buf);
426 free(cp);
427 TEST_DONE();
428
429 TEST_START("Ed25519 cert hex fingerprint");
430 buf = load_text_file("ed25519_1-cert.fp");
431 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
432 ASSERT_PTR_NE(cp, NULL);
433 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
434 sshbuf_free(buf);
435 free(cp);
436 sshkey_free(k2);
437 TEST_DONE();
438
439 TEST_START("Ed25519 key bubblebabble fingerprint");
440 buf = load_text_file("ed25519_1.fp.bb");
441 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
442 ASSERT_PTR_NE(cp, NULL);
443 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
444 sshbuf_free(buf);
445 free(cp);
446 TEST_DONE();
447
448 sshkey_free(k1);
449
450 sshbuf_free(pw);
451
452 }
453