1 /* $OpenBSD: test_file.c,v 1.8 2018/09/13 09:03:20 djm Exp $ */
2 /*
3 * Regress test for sshkey.h key management API
4 *
5 * Placed in the public domain
6 */
7
8 #include "includes.h"
9
10 #include <sys/types.h>
11 #include <sys/param.h>
12 #include <sys/stat.h>
13 #include <fcntl.h>
14 #include <stdio.h>
15 #ifdef HAVE_STDINT_H
16 #include <stdint.h>
17 #endif
18 #include <stdlib.h>
19 #include <string.h>
20 #include <unistd.h>
21
22 #ifdef WITH_OPENSSL
23 #include <openssl/bn.h>
24 #include <openssl/rsa.h>
25 #include <openssl/dsa.h>
26 #include <openssl/objects.h>
27 #ifdef OPENSSL_HAS_NISTP256
28 # include <openssl/ec.h>
29 #endif /* OPENSSL_HAS_NISTP256 */
30 #endif /* WITH_OPENSSL */
31
32 #include "../test_helper/test_helper.h"
33
34 #include "ssherr.h"
35 #include "authfile.h"
36 #include "sshkey.h"
37 #include "sshbuf.h"
38 #include "digest.h"
39
40 #include "common.h"
41
42 void sshkey_file_tests(void);
43
44 void
sshkey_file_tests(void)45 sshkey_file_tests(void)
46 {
47 struct sshkey *k1, *k2;
48 struct sshbuf *buf, *pw;
49 #ifdef WITH_OPENSSL
50 BIGNUM *a, *b, *c;
51 #endif
52 char *cp;
53
54 TEST_START("load passphrase");
55 pw = load_text_file("pw");
56 TEST_DONE();
57
58
59 #ifdef WITH_OPENSSL
60 TEST_START("parse RSA from private");
61 buf = load_file("rsa_1");
62 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
63 sshbuf_free(buf);
64 ASSERT_PTR_NE(k1, NULL);
65 a = load_bignum("rsa_1.param.n");
66 b = load_bignum("rsa_1.param.p");
67 c = load_bignum("rsa_1.param.q");
68 ASSERT_BIGNUM_EQ(rsa_n(k1), a);
69 ASSERT_BIGNUM_EQ(rsa_p(k1), b);
70 ASSERT_BIGNUM_EQ(rsa_q(k1), c);
71 BN_free(a);
72 BN_free(b);
73 BN_free(c);
74 TEST_DONE();
75
76 TEST_START("parse RSA from private w/ passphrase");
77 buf = load_file("rsa_1_pw");
78 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
79 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
80 sshbuf_free(buf);
81 ASSERT_PTR_NE(k2, NULL);
82 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
83 sshkey_free(k2);
84 TEST_DONE();
85
86 TEST_START("parse RSA from new-format");
87 buf = load_file("rsa_n");
88 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
89 sshbuf_free(buf);
90 ASSERT_PTR_NE(k2, NULL);
91 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
92 sshkey_free(k2);
93 TEST_DONE();
94
95 TEST_START("parse RSA from new-format w/ passphrase");
96 buf = load_file("rsa_n_pw");
97 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
98 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
99 sshbuf_free(buf);
100 ASSERT_PTR_NE(k2, NULL);
101 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
102 sshkey_free(k2);
103 TEST_DONE();
104
105 TEST_START("load RSA from public");
106 ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
107 NULL), 0);
108 ASSERT_PTR_NE(k2, NULL);
109 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
110 sshkey_free(k2);
111 TEST_DONE();
112
113 TEST_START("load RSA cert with SHA1 signature");
114 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0);
115 ASSERT_PTR_NE(k2, NULL);
116 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
117 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
118 ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa");
119 sshkey_free(k2);
120 TEST_DONE();
121
122 TEST_START("load RSA cert with SHA512 signature");
123 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0);
124 ASSERT_PTR_NE(k2, NULL);
125 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
126 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
127 ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512");
128 sshkey_free(k2);
129 TEST_DONE();
130
131 TEST_START("load RSA cert");
132 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0);
133 ASSERT_PTR_NE(k2, NULL);
134 ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
135 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
136 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
137 TEST_DONE();
138
139 TEST_START("RSA key hex fingerprint");
140 buf = load_text_file("rsa_1.fp");
141 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
142 ASSERT_PTR_NE(cp, NULL);
143 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
144 sshbuf_free(buf);
145 free(cp);
146 TEST_DONE();
147
148 TEST_START("RSA cert hex fingerprint");
149 buf = load_text_file("rsa_1-cert.fp");
150 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
151 ASSERT_PTR_NE(cp, NULL);
152 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
153 sshbuf_free(buf);
154 free(cp);
155 sshkey_free(k2);
156 TEST_DONE();
157
158 TEST_START("RSA key bubblebabble fingerprint");
159 buf = load_text_file("rsa_1.fp.bb");
160 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
161 ASSERT_PTR_NE(cp, NULL);
162 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
163 sshbuf_free(buf);
164 free(cp);
165 TEST_DONE();
166
167 sshkey_free(k1);
168
169 TEST_START("parse DSA from private");
170 buf = load_file("dsa_1");
171 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
172 sshbuf_free(buf);
173 ASSERT_PTR_NE(k1, NULL);
174 a = load_bignum("dsa_1.param.g");
175 b = load_bignum("dsa_1.param.priv");
176 c = load_bignum("dsa_1.param.pub");
177 ASSERT_BIGNUM_EQ(dsa_g(k1), a);
178 ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b);
179 ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c);
180 BN_free(a);
181 BN_free(b);
182 BN_free(c);
183 TEST_DONE();
184
185 TEST_START("parse DSA from private w/ passphrase");
186 buf = load_file("dsa_1_pw");
187 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
188 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
189 sshbuf_free(buf);
190 ASSERT_PTR_NE(k2, NULL);
191 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
192 sshkey_free(k2);
193 TEST_DONE();
194
195 TEST_START("parse DSA from new-format");
196 buf = load_file("dsa_n");
197 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
198 sshbuf_free(buf);
199 ASSERT_PTR_NE(k2, NULL);
200 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
201 sshkey_free(k2);
202 TEST_DONE();
203
204 TEST_START("parse DSA from new-format w/ passphrase");
205 buf = load_file("dsa_n_pw");
206 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
207 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
208 sshbuf_free(buf);
209 ASSERT_PTR_NE(k2, NULL);
210 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
211 sshkey_free(k2);
212 TEST_DONE();
213
214 TEST_START("load DSA from public");
215 ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
216 NULL), 0);
217 ASSERT_PTR_NE(k2, NULL);
218 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
219 sshkey_free(k2);
220 TEST_DONE();
221
222 TEST_START("load DSA cert");
223 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0);
224 ASSERT_PTR_NE(k2, NULL);
225 ASSERT_INT_EQ(k2->type, KEY_DSA_CERT);
226 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
227 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
228 TEST_DONE();
229
230 TEST_START("DSA key hex fingerprint");
231 buf = load_text_file("dsa_1.fp");
232 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
233 ASSERT_PTR_NE(cp, NULL);
234 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
235 sshbuf_free(buf);
236 free(cp);
237 TEST_DONE();
238
239 TEST_START("DSA cert hex fingerprint");
240 buf = load_text_file("dsa_1-cert.fp");
241 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
242 ASSERT_PTR_NE(cp, NULL);
243 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
244 sshbuf_free(buf);
245 free(cp);
246 sshkey_free(k2);
247 TEST_DONE();
248
249 TEST_START("DSA key bubblebabble fingerprint");
250 buf = load_text_file("dsa_1.fp.bb");
251 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
252 ASSERT_PTR_NE(cp, NULL);
253 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
254 sshbuf_free(buf);
255 free(cp);
256 TEST_DONE();
257
258 sshkey_free(k1);
259
260 #ifdef OPENSSL_HAS_ECC
261 TEST_START("parse ECDSA from private");
262 buf = load_file("ecdsa_1");
263 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
264 sshbuf_free(buf);
265 ASSERT_PTR_NE(k1, NULL);
266 buf = load_text_file("ecdsa_1.param.curve");
267 ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf),
268 OBJ_nid2sn(k1->ecdsa_nid));
269 sshbuf_free(buf);
270 a = load_bignum("ecdsa_1.param.priv");
271 b = load_bignum("ecdsa_1.param.pub");
272 c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa),
273 EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED,
274 NULL, NULL);
275 ASSERT_PTR_NE(c, NULL);
276 ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a);
277 ASSERT_BIGNUM_EQ(b, c);
278 BN_free(a);
279 BN_free(b);
280 BN_free(c);
281 TEST_DONE();
282
283 TEST_START("parse ECDSA from private w/ passphrase");
284 buf = load_file("ecdsa_1_pw");
285 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
286 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
287 sshbuf_free(buf);
288 ASSERT_PTR_NE(k2, NULL);
289 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
290 sshkey_free(k2);
291 TEST_DONE();
292
293 TEST_START("parse ECDSA from new-format");
294 buf = load_file("ecdsa_n");
295 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
296 sshbuf_free(buf);
297 ASSERT_PTR_NE(k2, NULL);
298 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
299 sshkey_free(k2);
300 TEST_DONE();
301
302 TEST_START("parse ECDSA from new-format w/ passphrase");
303 buf = load_file("ecdsa_n_pw");
304 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
305 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
306 sshbuf_free(buf);
307 ASSERT_PTR_NE(k2, NULL);
308 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
309 sshkey_free(k2);
310 TEST_DONE();
311
312 TEST_START("load ECDSA from public");
313 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,
314 NULL), 0);
315 ASSERT_PTR_NE(k2, NULL);
316 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
317 sshkey_free(k2);
318 TEST_DONE();
319
320 TEST_START("load ECDSA cert");
321 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0);
322 ASSERT_PTR_NE(k2, NULL);
323 ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT);
324 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
325 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
326 TEST_DONE();
327
328 TEST_START("ECDSA key hex fingerprint");
329 buf = load_text_file("ecdsa_1.fp");
330 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
331 ASSERT_PTR_NE(cp, NULL);
332 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
333 sshbuf_free(buf);
334 free(cp);
335 TEST_DONE();
336
337 TEST_START("ECDSA cert hex fingerprint");
338 buf = load_text_file("ecdsa_1-cert.fp");
339 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
340 ASSERT_PTR_NE(cp, NULL);
341 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
342 sshbuf_free(buf);
343 free(cp);
344 sshkey_free(k2);
345 TEST_DONE();
346
347 TEST_START("ECDSA key bubblebabble fingerprint");
348 buf = load_text_file("ecdsa_1.fp.bb");
349 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
350 ASSERT_PTR_NE(cp, NULL);
351 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
352 sshbuf_free(buf);
353 free(cp);
354 TEST_DONE();
355
356 sshkey_free(k1);
357 #endif /* OPENSSL_HAS_ECC */
358 #endif /* WITH_OPENSSL */
359
360 TEST_START("parse Ed25519 from private");
361 buf = load_file("ed25519_1");
362 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
363 sshbuf_free(buf);
364 ASSERT_PTR_NE(k1, NULL);
365 ASSERT_INT_EQ(k1->type, KEY_ED25519);
366 /* XXX check key contents */
367 TEST_DONE();
368
369 TEST_START("parse Ed25519 from private w/ passphrase");
370 buf = load_file("ed25519_1_pw");
371 ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
372 (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
373 sshbuf_free(buf);
374 ASSERT_PTR_NE(k2, NULL);
375 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
376 sshkey_free(k2);
377 TEST_DONE();
378
379 TEST_START("load Ed25519 from public");
380 ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
381 NULL), 0);
382 ASSERT_PTR_NE(k2, NULL);
383 ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
384 sshkey_free(k2);
385 TEST_DONE();
386
387 TEST_START("load Ed25519 cert");
388 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0);
389 ASSERT_PTR_NE(k2, NULL);
390 ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT);
391 ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
392 ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
393 TEST_DONE();
394
395 TEST_START("Ed25519 key hex fingerprint");
396 buf = load_text_file("ed25519_1.fp");
397 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
398 ASSERT_PTR_NE(cp, NULL);
399 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
400 sshbuf_free(buf);
401 free(cp);
402 TEST_DONE();
403
404 TEST_START("Ed25519 cert hex fingerprint");
405 buf = load_text_file("ed25519_1-cert.fp");
406 cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
407 ASSERT_PTR_NE(cp, NULL);
408 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
409 sshbuf_free(buf);
410 free(cp);
411 sshkey_free(k2);
412 TEST_DONE();
413
414 TEST_START("Ed25519 key bubblebabble fingerprint");
415 buf = load_text_file("ed25519_1.fp.bb");
416 cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
417 ASSERT_PTR_NE(cp, NULL);
418 ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
419 sshbuf_free(buf);
420 free(cp);
421 TEST_DONE();
422
423 sshkey_free(k1);
424
425 sshbuf_free(pw);
426
427 }
428