7 files changed, 196 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index e1d1d6e4b..b7148f7da 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,12 @@
      unbreak lls command and add a regress test that would have caught the
      breakage; spotted by mouring@
      NB. sftp code change already committed.
+   - djm@cvs.openbsd.org 2007/12/21 04:13:53
+     [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
+     [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
+     basic (crypto, kex and transfer) interop regression tests against putty
+     To run these, install putty and run "make interop-tests" from the build
+     directory - the tests aren't run by default yet.
 
 20080311
  - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
@@ -3734,4 +3740,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4869 2008/03/12 12:59:43 djm Exp $
+$Id: ChangeLog,v 1.4870 2008/03/12 13:17:00 djm Exp $
diff --git a/regress/Makefile b/regress/Makefile
index 196020db8..7b571f7ec 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,8 +1,11 @@
-#       $OpenBSD: Makefile,v 1.43 2007/10/29 06:57:13 dtucker Exp $
+#       $OpenBSD: Makefile,v 1.44 2007/12/21 04:13:53 djm Exp $
 
 REGRESS_TARGETS=        t1 t2 t3 t4 t5 t6 t7 t-exec
 tests:          $(REGRESS_TARGETS)
 
+# Interop tests are not run by default
+interop: t-exec-interop
+
 clean:
         for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
 distclean:      clean
@@ -45,6 +48,9 @@ LTESTS= 	connect \
                 localcommand \
                 forcecommand
 
+INTEROP_TESTS=  putty-transfer putty-ciphers putty-kex
+#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
+
 USER!=          id -un
 CLEANFILES=     t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
                 authorized_keys_${USER} known_hosts pidfile \
@@ -55,8 +61,6 @@ CLEANFILES=	t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
                 scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \
                 sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv
 
-#LTESTS +=      ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
-
 t1:
         ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
 
@@ -97,3 +101,11 @@ t-exec:	${LTESTS:=.sh}
                 echo "run test $${TEST}" ... 1>&2; \
                 (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
         done
+
+t-exec-interop: ${INTEROP_TESTS:=.sh}
+        @if [ "x$?" = "x" ]; then exit 0; fi; \
+        for TEST in ""$?; do \
+                echo "run test $${TEST}" ... 1>&2; \
+                (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+        done
+
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
new file mode 100644
index 000000000..e9196d621
--- /dev/null
+++ b/regress/putty-ciphers.sh
@@ -0,0 +1,30 @@
+#       $OpenBSD: putty-ciphers.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+#       Placed in the Public Domain.
+
+tid="putty ciphers"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+        fatal "putty interop tests not enabled"
+fi
+
+for c in aes blowfish 3des arcfour ; do
+        verbose "$tid: cipher $c"
+        cp ${OBJ}/.putty/sessions/localhost_proxy \
+            ${OBJ}/.putty/sessions/cipher_$c
+        echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+
+        rm -f ${COPY}
+        env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \
+            127.0.0.1 cat ${DATA} > ${COPY}
+        if [ $? -ne 0 ]; then
+                fail "ssh cat $DATA failed"
+        fi
+        cmp ${DATA} ${COPY}             || fail "corrupted copy"
+done
+rm -f ${COPY}
+
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh
new file mode 100644
index 000000000..d0437c6d5
--- /dev/null
+++ b/regress/putty-kex.sh
@@ -0,0 +1,27 @@
+#       $OpenBSD: putty-kex.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+#       Placed in the Public Domain.
+
+tid="putty KEX"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+        fatal "putty interop tests not enabled"
+fi
+
+for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
+        verbose "$tid: kex $k"
+        cp ${OBJ}/.putty/sessions/localhost_proxy \
+            ${OBJ}/.putty/sessions/kex_$k
+        echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
+
+        env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \
+            127.0.0.1 true
+        if [ $? -ne 0 ]; then
+                fail "KEX $k failed"
+        fi
+done
+
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh
new file mode 100644
index 000000000..0a4f34ee6
--- /dev/null
+++ b/regress/putty-transfer.sh
@@ -0,0 +1,45 @@
+#       $OpenBSD: putty-transfer.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+#       Placed in the Public Domain.
+
+tid="putty transfer data"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+        fatal "putty interop tests not enabled"
+fi
+
+# XXX support protocol 1 too
+for p in 2; do
+        for c in 0 1 ; do 
+        verbose "$tid: proto $p compression $c"
+                rm -f ${COPY}
+                cp ${OBJ}/.putty/sessions/localhost_proxy \
+                    ${OBJ}/.putty/sessions/compression_$c
+                echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
+                env HOME=$PWD ${PLINK} -load compression_$c -batch \
+                    -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
+                if [ $? -ne 0 ]; then
+                        fail "ssh cat $DATA failed"
+                fi
+                cmp ${DATA} ${COPY}             || fail "corrupted copy"
+        
+                for s in 10 100 1k 32k 64k 128k 256k; do
+                        trace "proto $p compression $c dd-size ${s}"
+                        rm -f ${COPY}
+                        dd if=$DATA obs=${s} 2> /dev/null | \
+                                env HOME=$PWD ${PLINK} -load compression_$c \
+                                    -batch -i putty.rsa$p 127.0.0.1 \
+                                    "cat > ${COPY}"
+                        if [ $? -ne 0 ]; then
+                                fail "ssh cat $DATA failed"
+                        fi
+                        cmp $DATA ${COPY}       || fail "corrupted copy"
+                done
+        done
+done
+rm -f ${COPY}
+
diff --git a/regress/ssh2putty.sh b/regress/ssh2putty.sh
new file mode 100755
index 000000000..82dd44787
--- /dev/null
+++ b/regress/ssh2putty.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
+        echo "Usage: ssh2putty hostname port ssh-private-key"
+        exit 1
+fi
+
+HOST=$1
+PORT=$2
+KEYFILE=$3
+
+# XXX - support DSA keys too
+if ! grep -q "BEGIN RSA PRIVATE KEY" $KEYFILE ; then
+        echo "Unsupported private key format"
+        exit 1
+fi
+
+public_exponent=`
+        openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent | 
+        sed 's/.*(//;s/).*//'
+`
+test $? -ne 0 && exit 1
+
+modulus=`
+        openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= | 
+        sed 's/^Modulus=/0x/' | tr A-Z a-z
+`
+test $? -ne 0 && exit 1
+
+echo "rsa2@$PORT:$HOST $public_exponent,$modulus"
+
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index e44778065..1eb9ff729 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: test-exec.sh,v 1.30 2007/10/26 05:30:01 djm Exp $
+#       $OpenBSD: test-exec.sh,v 1.31 2007/12/21 04:13:53 djm Exp $
 #       Placed in the Public Domain.
 
 #SUDO=sudo
@@ -69,6 +69,10 @@ SFTP=sftp
 SFTPSERVER=/usr/libexec/openssh/sftp-server
 SCP=scp
 
+# Interop testing
+PLINK=/usr/local/bin/plink
+PUTTYGEN=/usr/local/bin/puttygen
+
 if [ "x$TEST_SSH_SSH" != "x" ]; then
         SSH="${TEST_SSH_SSH}"
 fi
@@ -96,6 +100,12 @@ fi
 if [ "x$TEST_SSH_SCP" != "x" ]; then
         SCP="${TEST_SSH_SCP}"
 fi
+if [ "x$TEST_SSH_PLINK" != "x" ]; then
+        PLINK="${TEST_SSH_PLINK}"
+fi
+if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
+        PUTTYGEN="${TEST_SSH_PUTTYGEN}"
+fi
 
 # Path to sshd must be absolute for rexec
 case "$SSHD" in
@@ -269,6 +279,34 @@ for t in rsa rsa1; do
 done
 chmod 644 $OBJ/authorized_keys_$USER
 
+# If PuTTY is present, prepare keys and configuration
+REGRESS_INTEROP_PUTTY=no
+if test -x $PUTTYGEN -a -x $PLINK ; then
+        mkdir -p ${OBJ}/.putty
+
+        # Add a PuTTY key to authorized_keys
+        rm -f ${OBJ}/putty.rsa2
+        puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
+        puttygen -O public-openssh ${OBJ}/putty.rsa2 \
+            >> $OBJ/authorized_keys_$USER
+
+        # Convert rsa2 host key to PuTTY format
+        ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
+            ${OBJ}/.putty/sshhostkeys
+        ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
+            ${OBJ}/.putty/sshhostkeys
+
+        # Setup proxied session
+        mkdir -p ${OBJ}/.putty/sessions
+        rm -f ${OBJ}/.putty/sessions/localhost_proxy
+        echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
+        echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
+        echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
+        echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy 
+
+        REGRESS_INTEROP_PUTTY=yes
+fi
+
 # create a proxy version of the client config
 (
         cat $OBJ/ssh_config
@@ -281,8 +319,8 @@ ${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"
 start_sshd ()
 {
         # start sshd
-        $SUDO ${SSHD} -f $OBJ/sshd_config -t    || fatal "sshd_config broken"
-        $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1
+        $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
+        $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1
 
         trace "wait for sshd"
         i=0;