Merge 6.7p1.

* New upstream release (http://www.openssh.com/txt/release-6.7): - sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. - ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket (closes: #236718). - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. - sftp(1): Allow resumption of interrupted uploads. - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange. - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family. - sshd(8): Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option. - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths. - sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages. - Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is available. It considers time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly (closes: #734553). - Use prctl() to prevent sftp-server from accessing /proc/self/{mem,maps}. * Restore TCP wrappers support, removed upstream in 6.7. It is true that dropping this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. * Replace patch to disable OpenSSL version check with an updated version of Kurt Roeckx's patch from #732940 to just avoid checking the status field.
author: Colin Watson <cjwatson@debian.org> 2014-10-07 13:33:15 +0100
committer: Colin Watson <cjwatson@debian.org> 2014-10-07 14:27:30 +0100
commit: f0b009aea83e9ff3a50be30f51012099a5143c16 (patch)
tree: 3825e6f7e3b7ea4481d06ed89aba9a7a95150df5 /regress/unittests/sshkey/test_file.c
parent: 47f0bad4330b16ec3bad870fcf9839c196e42c12 (diff)
parent: 762c062828f5a8f6ed189ed6e44ad38fd92f8b36 (diff)
1 files changed, 457 insertions, 0 deletions
diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
new file mode 100644
index 000000000..764f7fb76
--- /dev/null
+++ b/regress/unittests/sshkey/test_file.c
@@ -0,0 +1,457 @@
+/*      $OpenBSD: test_file.c,v 1.1 2014/06/24 01:14:18 djm Exp $ */
+/*
+ * Regress test for sshkey.h key management API
+ *
+ * Placed in the public domain
+ */
+#include "includes.h"
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#ifdef OPENSSL_HAS_NISTP256
+# include <openssl/ec.h>
+#endif
+#include "../test_helper/test_helper.h"
+#include "ssherr.h"
+#include "authfile.h"
+#include "sshkey.h"
+#include "sshbuf.h"
+#include "common.h"
+void sshkey_file_tests(void);
+void
+sshkey_file_tests(void)
+{
+        struct sshkey *k1, *k2;
+        struct sshbuf *buf, *pw;
+        BIGNUM *a, *b, *c;
+        char *cp;
+        TEST_START("load passphrase");
+        pw = load_text_file("pw");
+        TEST_DONE();
+        TEST_START("parse RSA1 from private");
+        buf = load_file("rsa1_1");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1",
+            &k1, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k1, NULL);
+        a = load_bignum("rsa1_1.param.n");
+        ASSERT_BIGNUM_EQ(k1->rsa->n, a);
+        BN_free(a);
+        TEST_DONE();
+        TEST_START("parse RSA1 from private w/ passphrase");
+        buf = load_file("rsa1_1_pw");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            (const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load RSA1 from public");
+        ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2,
+            NULL), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("RSA1 key hex fingerprint");
+        buf = load_text_file("rsa1_1.fp");
+        cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        TEST_START("RSA1 key bubblebabble fingerprint");
+        buf = load_text_file("rsa1_1.fp.bb");
+        cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        sshkey_free(k1);
+        TEST_START("parse RSA from private");
+        buf = load_file("rsa_1");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1",
+            &k1, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k1, NULL);
+        a = load_bignum("rsa_1.param.n");
+        b = load_bignum("rsa_1.param.p");
+        c = load_bignum("rsa_1.param.q");
+        ASSERT_BIGNUM_EQ(k1->rsa->n, a);
+        ASSERT_BIGNUM_EQ(k1->rsa->p, b);
+        ASSERT_BIGNUM_EQ(k1->rsa->q, c);
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        TEST_DONE();
+        TEST_START("parse RSA from private w/ passphrase");
+        buf = load_file("rsa_1_pw");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            (const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("parse RSA from new-format");
+        buf = load_file("rsa_n");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            "", "rsa_n", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("parse RSA from new-format w/ passphrase");
+        buf = load_file("rsa_n_pw");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            (const char *)sshbuf_ptr(pw), "rsa_n_pw", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load RSA from public");
+        ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
+            NULL), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load RSA cert");
+        ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
+        ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
+        TEST_DONE();
+        TEST_START("RSA key hex fingerprint");
+        buf = load_text_file("rsa_1.fp");
+        cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        TEST_START("RSA cert hex fingerprint");
+        buf = load_text_file("rsa_1-cert.fp");
+        cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("RSA key bubblebabble fingerprint");
+        buf = load_text_file("rsa_1.fp.bb");
+        cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        sshkey_free(k1);
+        TEST_START("parse DSA from private");
+        buf = load_file("dsa_1");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "dsa_1",
+            &k1, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k1, NULL);
+        a = load_bignum("dsa_1.param.g");
+        b = load_bignum("dsa_1.param.priv");
+        c = load_bignum("dsa_1.param.pub");
+        ASSERT_BIGNUM_EQ(k1->dsa->g, a);
+        ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b);
+        ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c);
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        TEST_DONE();
+        TEST_START("parse DSA from private w/ passphrase");
+        buf = load_file("dsa_1_pw");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            (const char *)sshbuf_ptr(pw), "dsa_1_pw", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("parse DSA from new-format");
+        buf = load_file("dsa_n");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            "", "dsa_n", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("parse DSA from new-format w/ passphrase");
+        buf = load_file("dsa_n_pw");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            (const char *)sshbuf_ptr(pw), "dsa_n_pw", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load DSA from public");
+        ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
+            NULL), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load DSA cert");
+        ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(k2->type, KEY_DSA_CERT);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
+        ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
+        TEST_DONE();
+        TEST_START("DSA key hex fingerprint");
+        buf = load_text_file("dsa_1.fp");
+        cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        TEST_START("DSA cert hex fingerprint");
+        buf = load_text_file("dsa_1-cert.fp");
+        cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("DSA key bubblebabble fingerprint");
+        buf = load_text_file("dsa_1.fp.bb");
+        cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        sshkey_free(k1);
+#ifdef OPENSSL_HAS_ECC
+        TEST_START("parse ECDSA from private");
+        buf = load_file("ecdsa_1");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ecdsa_1",
+            &k1, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k1, NULL);
+        buf = load_text_file("ecdsa_1.param.curve");
+        ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf),
+            OBJ_nid2sn(k1->ecdsa_nid));
+        sshbuf_free(buf);
+        a = load_bignum("ecdsa_1.param.priv");
+        b = load_bignum("ecdsa_1.param.pub");
+        c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa),
+            EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED,
+            NULL, NULL);
+        ASSERT_PTR_NE(c, NULL);
+        ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a);
+        ASSERT_BIGNUM_EQ(b, c);
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        TEST_DONE();
+        TEST_START("parse ECDSA from private w/ passphrase");
+        buf = load_file("ecdsa_1_pw");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            (const char *)sshbuf_ptr(pw), "ecdsa_1_pw", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("parse ECDSA from new-format");
+        buf = load_file("ecdsa_n");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            "", "ecdsa_n", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("parse ECDSA from new-format w/ passphrase");
+        buf = load_file("ecdsa_n_pw");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            (const char *)sshbuf_ptr(pw), "ecdsa_n_pw", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load ECDSA from public");
+        ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,
+            NULL), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load ECDSA cert");
+        ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
+        ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
+        TEST_DONE();
+        TEST_START("ECDSA key hex fingerprint");
+        buf = load_text_file("ecdsa_1.fp");
+        cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        TEST_START("ECDSA cert hex fingerprint");
+        buf = load_text_file("ecdsa_1-cert.fp");
+        cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("ECDSA key bubblebabble fingerprint");
+        buf = load_text_file("ecdsa_1.fp.bb");
+        cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        sshkey_free(k1);
+#endif /* OPENSSL_HAS_ECC */
+        TEST_START("parse Ed25519 from private");
+        buf = load_file("ed25519_1");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ed25519_1",
+            &k1, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k1, NULL);
+        ASSERT_INT_EQ(k1->type, KEY_ED25519);
+        /* XXX check key contents */
+        TEST_DONE();
+        TEST_START("parse Ed25519 from private w/ passphrase");
+        buf = load_file("ed25519_1_pw");
+        ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+            (const char *)sshbuf_ptr(pw), "ed25519_1_pw", &k2, NULL), 0);
+        sshbuf_free(buf);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load Ed25519 from public");
+        ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
+            NULL), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("load Ed25519 cert");
+        ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0);
+        ASSERT_PTR_NE(k2, NULL);
+        ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT);
+        ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
+        ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
+        TEST_DONE();
+        TEST_START("Ed25519 key hex fingerprint");
+        buf = load_text_file("ed25519_1.fp");
+        cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        TEST_START("Ed25519 cert hex fingerprint");
+        buf = load_text_file("ed25519_1-cert.fp");
+        cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        sshkey_free(k2);
+        TEST_DONE();
+        TEST_START("Ed25519 key bubblebabble fingerprint");
+        buf = load_text_file("ed25519_1.fp.bb");
+        cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
+        ASSERT_PTR_NE(cp, NULL);
+        ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+        sshbuf_free(buf);
+        free(cp);
+        TEST_DONE();
+        sshkey_free(k1);
+        sshbuf_free(pw);
+}
author	Colin Watson <cjwatson@debian.org>	2014-10-07 13:33:15 +0100
committer	Colin Watson <cjwatson@debian.org>	2014-10-07 14:27:30 +0100
commit	f0b009aea83e9ff3a50be30f51012099a5143c16 (patch)
tree	3825e6f7e3b7ea4481d06ed89aba9a7a95150df5 /regress/unittests/sshkey/test_file.c
parent	47f0bad4330b16ec3bad870fcf9839c196e42c12 (diff)
parent	762c062828f5a8f6ed189ed6e44ad38fd92f8b36 (diff)

diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c new file mode 100644 index 000000000..764f7fb76 --- /dev/null +++ b/regress/unittests/sshkey/test_file.c
@@ -0,0 +1,457 @@
	1	/* $OpenBSD: test_file.c,v 1.1 2014/06/24 01:14:18 djm Exp $ */
	2	/*
	3	* Regress test for sshkey.h key management API
	4	*
	5	* Placed in the public domain
	6	*/
	7
	8	#include "includes.h"
	9
	10	#include <sys/types.h>
	11	#include <sys/param.h>
	12	#include <sys/stat.h>
	13	#include <fcntl.h>
	14	#include <stdio.h>
	15	#ifdef HAVE_STDINT_H
	16	#include <stdint.h>
	17	#endif
	18	#include <stdlib.h>
	19	#include <string.h>
	20	#include <unistd.h>
	21
	22	#include <openssl/bn.h>
	23	#include <openssl/rsa.h>
	24	#include <openssl/dsa.h>
	25	#include <openssl/objects.h>
	26	#ifdef OPENSSL_HAS_NISTP256
	27	# include <openssl/ec.h>
	28	#endif
	29
	30	#include "../test_helper/test_helper.h"
	31
	32	#include "ssherr.h"
	33	#include "authfile.h"
	34	#include "sshkey.h"
	35	#include "sshbuf.h"
	36
	37	#include "common.h"
	38
	39	void sshkey_file_tests(void);
	40
	41	void
	42	sshkey_file_tests(void)
	43	{
	44	struct sshkey k1, k2;
	45	struct sshbuf buf, pw;
	46	BIGNUM a, b, *c;
	47	char *cp;
	48
	49	TEST_START("load passphrase");
	50	pw = load_text_file("pw");
	51	TEST_DONE();
	52
	53	TEST_START("parse RSA1 from private");
	54	buf = load_file("rsa1_1");
	55	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1",
	56	&k1, NULL), 0);
	57	sshbuf_free(buf);
	58	ASSERT_PTR_NE(k1, NULL);
	59	a = load_bignum("rsa1_1.param.n");
	60	ASSERT_BIGNUM_EQ(k1->rsa->n, a);
	61	BN_free(a);
	62	TEST_DONE();
	63
	64	TEST_START("parse RSA1 from private w/ passphrase");
	65	buf = load_file("rsa1_1_pw");
	66	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	67	(const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0);
	68	sshbuf_free(buf);
	69	ASSERT_PTR_NE(k2, NULL);
	70	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	71	sshkey_free(k2);
	72	TEST_DONE();
	73
	74	TEST_START("load RSA1 from public");
	75	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa1_1.pub"), &k2,
	76	NULL), 0);
	77	ASSERT_PTR_NE(k2, NULL);
	78	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	79	sshkey_free(k2);
	80	TEST_DONE();
	81
	82	TEST_START("RSA1 key hex fingerprint");
	83	buf = load_text_file("rsa1_1.fp");
	84	cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
	85	ASSERT_PTR_NE(cp, NULL);
	86	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	87	sshbuf_free(buf);
	88	free(cp);
	89	TEST_DONE();
	90
	91	TEST_START("RSA1 key bubblebabble fingerprint");
	92	buf = load_text_file("rsa1_1.fp.bb");
	93	cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
	94	ASSERT_PTR_NE(cp, NULL);
	95	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	96	sshbuf_free(buf);
	97	free(cp);
	98	TEST_DONE();
	99
	100	sshkey_free(k1);
	101
	102	TEST_START("parse RSA from private");
	103	buf = load_file("rsa_1");
	104	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1",
	105	&k1, NULL), 0);
	106	sshbuf_free(buf);
	107	ASSERT_PTR_NE(k1, NULL);
	108	a = load_bignum("rsa_1.param.n");
	109	b = load_bignum("rsa_1.param.p");
	110	c = load_bignum("rsa_1.param.q");
	111	ASSERT_BIGNUM_EQ(k1->rsa->n, a);
	112	ASSERT_BIGNUM_EQ(k1->rsa->p, b);
	113	ASSERT_BIGNUM_EQ(k1->rsa->q, c);
	114	BN_free(a);
	115	BN_free(b);
	116	BN_free(c);
	117	TEST_DONE();
	118
	119	TEST_START("parse RSA from private w/ passphrase");
	120	buf = load_file("rsa_1_pw");
	121	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	122	(const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0);
	123	sshbuf_free(buf);
	124	ASSERT_PTR_NE(k2, NULL);
	125	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	126	sshkey_free(k2);
	127	TEST_DONE();
	128
	129	TEST_START("parse RSA from new-format");
	130	buf = load_file("rsa_n");
	131	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	132	"", "rsa_n", &k2, NULL), 0);
	133	sshbuf_free(buf);
	134	ASSERT_PTR_NE(k2, NULL);
	135	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	136	sshkey_free(k2);
	137	TEST_DONE();
	138
	139	TEST_START("parse RSA from new-format w/ passphrase");
	140	buf = load_file("rsa_n_pw");
	141	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	142	(const char *)sshbuf_ptr(pw), "rsa_n_pw", &k2, NULL), 0);
	143	sshbuf_free(buf);
	144	ASSERT_PTR_NE(k2, NULL);
	145	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	146	sshkey_free(k2);
	147	TEST_DONE();
	148
	149	TEST_START("load RSA from public");
	150	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
	151	NULL), 0);
	152	ASSERT_PTR_NE(k2, NULL);
	153	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	154	sshkey_free(k2);
	155	TEST_DONE();
	156
	157	TEST_START("load RSA cert");
	158	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0);
	159	ASSERT_PTR_NE(k2, NULL);
	160	ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
	161	ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
	162	ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
	163	TEST_DONE();
	164
	165	TEST_START("RSA key hex fingerprint");
	166	buf = load_text_file("rsa_1.fp");
	167	cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
	168	ASSERT_PTR_NE(cp, NULL);
	169	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	170	sshbuf_free(buf);
	171	free(cp);
	172	TEST_DONE();
	173
	174	TEST_START("RSA cert hex fingerprint");
	175	buf = load_text_file("rsa_1-cert.fp");
	176	cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX);
	177	ASSERT_PTR_NE(cp, NULL);
	178	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	179	sshbuf_free(buf);
	180	free(cp);
	181	sshkey_free(k2);
	182	TEST_DONE();
	183
	184	TEST_START("RSA key bubblebabble fingerprint");
	185	buf = load_text_file("rsa_1.fp.bb");
	186	cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
	187	ASSERT_PTR_NE(cp, NULL);
	188	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	189	sshbuf_free(buf);
	190	free(cp);
	191	TEST_DONE();
	192
	193	sshkey_free(k1);
	194
	195	TEST_START("parse DSA from private");
	196	buf = load_file("dsa_1");
	197	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "dsa_1",
	198	&k1, NULL), 0);
	199	sshbuf_free(buf);
	200	ASSERT_PTR_NE(k1, NULL);
	201	a = load_bignum("dsa_1.param.g");
	202	b = load_bignum("dsa_1.param.priv");
	203	c = load_bignum("dsa_1.param.pub");
	204	ASSERT_BIGNUM_EQ(k1->dsa->g, a);
	205	ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b);
	206	ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c);
	207	BN_free(a);
	208	BN_free(b);
	209	BN_free(c);
	210	TEST_DONE();
	211
	212	TEST_START("parse DSA from private w/ passphrase");
	213	buf = load_file("dsa_1_pw");
	214	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	215	(const char *)sshbuf_ptr(pw), "dsa_1_pw", &k2, NULL), 0);
	216	sshbuf_free(buf);
	217	ASSERT_PTR_NE(k2, NULL);
	218	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	219	sshkey_free(k2);
	220	TEST_DONE();
	221
	222	TEST_START("parse DSA from new-format");
	223	buf = load_file("dsa_n");
	224	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	225	"", "dsa_n", &k2, NULL), 0);
	226	sshbuf_free(buf);
	227	ASSERT_PTR_NE(k2, NULL);
	228	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	229	sshkey_free(k2);
	230	TEST_DONE();
	231
	232	TEST_START("parse DSA from new-format w/ passphrase");
	233	buf = load_file("dsa_n_pw");
	234	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	235	(const char *)sshbuf_ptr(pw), "dsa_n_pw", &k2, NULL), 0);
	236	sshbuf_free(buf);
	237	ASSERT_PTR_NE(k2, NULL);
	238	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	239	sshkey_free(k2);
	240	TEST_DONE();
	241
	242	TEST_START("load DSA from public");
	243	ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
	244	NULL), 0);
	245	ASSERT_PTR_NE(k2, NULL);
	246	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	247	sshkey_free(k2);
	248	TEST_DONE();
	249
	250	TEST_START("load DSA cert");
	251	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0);
	252	ASSERT_PTR_NE(k2, NULL);
	253	ASSERT_INT_EQ(k2->type, KEY_DSA_CERT);
	254	ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
	255	ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
	256	TEST_DONE();
	257
	258	TEST_START("DSA key hex fingerprint");
	259	buf = load_text_file("dsa_1.fp");
	260	cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
	261	ASSERT_PTR_NE(cp, NULL);
	262	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	263	sshbuf_free(buf);
	264	free(cp);
	265	TEST_DONE();
	266
	267	TEST_START("DSA cert hex fingerprint");
	268	buf = load_text_file("dsa_1-cert.fp");
	269	cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX);
	270	ASSERT_PTR_NE(cp, NULL);
	271	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	272	sshbuf_free(buf);
	273	free(cp);
	274	sshkey_free(k2);
	275	TEST_DONE();
	276
	277	TEST_START("DSA key bubblebabble fingerprint");
	278	buf = load_text_file("dsa_1.fp.bb");
	279	cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
	280	ASSERT_PTR_NE(cp, NULL);
	281	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	282	sshbuf_free(buf);
	283	free(cp);
	284	TEST_DONE();
	285
	286	sshkey_free(k1);
	287
	288	#ifdef OPENSSL_HAS_ECC
	289	TEST_START("parse ECDSA from private");
	290	buf = load_file("ecdsa_1");
	291	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ecdsa_1",
	292	&k1, NULL), 0);
	293	sshbuf_free(buf);
	294	ASSERT_PTR_NE(k1, NULL);
	295	buf = load_text_file("ecdsa_1.param.curve");
	296	ASSERT_STRING_EQ((const char *)sshbuf_ptr(buf),
	297	OBJ_nid2sn(k1->ecdsa_nid));
	298	sshbuf_free(buf);
	299	a = load_bignum("ecdsa_1.param.priv");
	300	b = load_bignum("ecdsa_1.param.pub");
	301	c = EC_POINT_point2bn(EC_KEY_get0_group(k1->ecdsa),
	302	EC_KEY_get0_public_key(k1->ecdsa), POINT_CONVERSION_UNCOMPRESSED,
	303	NULL, NULL);
	304	ASSERT_PTR_NE(c, NULL);
	305	ASSERT_BIGNUM_EQ(EC_KEY_get0_private_key(k1->ecdsa), a);
	306	ASSERT_BIGNUM_EQ(b, c);
	307	BN_free(a);
	308	BN_free(b);
	309	BN_free(c);
	310	TEST_DONE();
	311
	312	TEST_START("parse ECDSA from private w/ passphrase");
	313	buf = load_file("ecdsa_1_pw");
	314	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	315	(const char *)sshbuf_ptr(pw), "ecdsa_1_pw", &k2, NULL), 0);
	316	sshbuf_free(buf);
	317	ASSERT_PTR_NE(k2, NULL);
	318	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	319	sshkey_free(k2);
	320	TEST_DONE();
	321
	322	TEST_START("parse ECDSA from new-format");
	323	buf = load_file("ecdsa_n");
	324	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	325	"", "ecdsa_n", &k2, NULL), 0);
	326	sshbuf_free(buf);
	327	ASSERT_PTR_NE(k2, NULL);
	328	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	329	sshkey_free(k2);
	330	TEST_DONE();
	331
	332	TEST_START("parse ECDSA from new-format w/ passphrase");
	333	buf = load_file("ecdsa_n_pw");
	334	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	335	(const char *)sshbuf_ptr(pw), "ecdsa_n_pw", &k2, NULL), 0);
	336	sshbuf_free(buf);
	337	ASSERT_PTR_NE(k2, NULL);
	338	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	339	sshkey_free(k2);
	340	TEST_DONE();
	341
	342	TEST_START("load ECDSA from public");
	343	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2,
	344	NULL), 0);
	345	ASSERT_PTR_NE(k2, NULL);
	346	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	347	sshkey_free(k2);
	348	TEST_DONE();
	349
	350	TEST_START("load ECDSA cert");
	351	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_1"), &k2), 0);
	352	ASSERT_PTR_NE(k2, NULL);
	353	ASSERT_INT_EQ(k2->type, KEY_ECDSA_CERT);
	354	ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
	355	ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
	356	TEST_DONE();
	357
	358	TEST_START("ECDSA key hex fingerprint");
	359	buf = load_text_file("ecdsa_1.fp");
	360	cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
	361	ASSERT_PTR_NE(cp, NULL);
	362	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	363	sshbuf_free(buf);
	364	free(cp);
	365	TEST_DONE();
	366
	367	TEST_START("ECDSA cert hex fingerprint");
	368	buf = load_text_file("ecdsa_1-cert.fp");
	369	cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX);
	370	ASSERT_PTR_NE(cp, NULL);
	371	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	372	sshbuf_free(buf);
	373	free(cp);
	374	sshkey_free(k2);
	375	TEST_DONE();
	376
	377	TEST_START("ECDSA key bubblebabble fingerprint");
	378	buf = load_text_file("ecdsa_1.fp.bb");
	379	cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
	380	ASSERT_PTR_NE(cp, NULL);
	381	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	382	sshbuf_free(buf);
	383	free(cp);
	384	TEST_DONE();
	385
	386	sshkey_free(k1);
	387	#endif /* OPENSSL_HAS_ECC */
	388
	389	TEST_START("parse Ed25519 from private");
	390	buf = load_file("ed25519_1");
	391	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ed25519_1",
	392	&k1, NULL), 0);
	393	sshbuf_free(buf);
	394	ASSERT_PTR_NE(k1, NULL);
	395	ASSERT_INT_EQ(k1->type, KEY_ED25519);
	396	/* XXX check key contents */
	397	TEST_DONE();
	398
	399	TEST_START("parse Ed25519 from private w/ passphrase");
	400	buf = load_file("ed25519_1_pw");
	401	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
	402	(const char *)sshbuf_ptr(pw), "ed25519_1_pw", &k2, NULL), 0);
	403	sshbuf_free(buf);
	404	ASSERT_PTR_NE(k2, NULL);
	405	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	406	sshkey_free(k2);
	407	TEST_DONE();
	408
	409	TEST_START("load Ed25519 from public");
	410	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k2,
	411	NULL), 0);
	412	ASSERT_PTR_NE(k2, NULL);
	413	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
	414	sshkey_free(k2);
	415	TEST_DONE();
	416
	417	TEST_START("load Ed25519 cert");
	418	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_1"), &k2), 0);
	419	ASSERT_PTR_NE(k2, NULL);
	420	ASSERT_INT_EQ(k2->type, KEY_ED25519_CERT);
	421	ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
	422	ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
	423	TEST_DONE();
	424
	425	TEST_START("Ed25519 key hex fingerprint");
	426	buf = load_text_file("ed25519_1.fp");
	427	cp = sshkey_fingerprint(k1, SSH_FP_MD5, SSH_FP_HEX);
	428	ASSERT_PTR_NE(cp, NULL);
	429	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	430	sshbuf_free(buf);
	431	free(cp);
	432	TEST_DONE();
	433
	434	TEST_START("Ed25519 cert hex fingerprint");
	435	buf = load_text_file("ed25519_1-cert.fp");
	436	cp = sshkey_fingerprint(k2, SSH_FP_MD5, SSH_FP_HEX);
	437	ASSERT_PTR_NE(cp, NULL);
	438	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	439	sshbuf_free(buf);
	440	free(cp);
	441	sshkey_free(k2);
	442	TEST_DONE();
	443
	444	TEST_START("Ed25519 key bubblebabble fingerprint");
	445	buf = load_text_file("ed25519_1.fp.bb");
	446	cp = sshkey_fingerprint(k1, SSH_FP_SHA1, SSH_FP_BUBBLEBABBLE);
	447	ASSERT_PTR_NE(cp, NULL);
	448	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
	449	sshbuf_free(buf);
	450	free(cp);
	451	TEST_DONE();
	452
	453	sshkey_free(k1);
	454
	455	sshbuf_free(pw);
	456
	457	}