From af78493bba42cd4351eded064fb63b81fa2867a9 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 13 Mar 2008 00:17:00 +1100 Subject: - djm@cvs.openbsd.org 2007/12/21 04:13:53 [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh] [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh] basic (crypto, kex and transfer) interop regression tests against putty To run these, install putty and run "make interop-tests" from the build directory - the tests aren't run by default yet. --- ChangeLog | 8 +++++++- regress/Makefile | 18 +++++++++++++++--- regress/putty-ciphers.sh | 30 ++++++++++++++++++++++++++++++ regress/putty-kex.sh | 27 +++++++++++++++++++++++++++ regress/putty-transfer.sh | 45 +++++++++++++++++++++++++++++++++++++++++++++ regress/ssh2putty.sh | 31 +++++++++++++++++++++++++++++++ regress/test-exec.sh | 44 +++++++++++++++++++++++++++++++++++++++++--- 7 files changed, 196 insertions(+), 7 deletions(-) create mode 100644 regress/putty-ciphers.sh create mode 100644 regress/putty-kex.sh create mode 100644 regress/putty-transfer.sh create mode 100755 regress/ssh2putty.sh diff --git a/ChangeLog b/ChangeLog index e1d1d6e4..b7148f7d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,12 @@ unbreak lls command and add a regress test that would have caught the breakage; spotted by mouring@ NB. sftp code change already committed. + - djm@cvs.openbsd.org 2007/12/21 04:13:53 + [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh] + [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh] + basic (crypto, kex and transfer) interop regression tests against putty + To run these, install putty and run "make interop-tests" from the build + directory - the tests aren't run by default yet. 20080311 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move @@ -3734,4 +3740,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4869 2008/03/12 12:59:43 djm Exp $ +$Id: ChangeLog,v 1.4870 2008/03/12 13:17:00 djm Exp $ diff --git a/regress/Makefile b/regress/Makefile index 196020db..7b571f7e 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,8 +1,11 @@ -# $OpenBSD: Makefile,v 1.43 2007/10/29 06:57:13 dtucker Exp $ +# $OpenBSD: Makefile,v 1.44 2007/12/21 04:13:53 djm Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) +# Interop tests are not run by default +interop: t-exec-interop + clean: for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done distclean: clean @@ -45,6 +48,9 @@ LTESTS= connect \ localcommand \ forcecommand +INTEROP_TESTS= putty-transfer putty-ciphers putty-kex +#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp + USER!= id -un CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ authorized_keys_${USER} known_hosts pidfile \ @@ -55,8 +61,6 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv -#LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp - t1: ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv @@ -97,3 +101,11 @@ t-exec: ${LTESTS:=.sh} echo "run test $${TEST}" ... 1>&2; \ (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ done + +t-exec-interop: ${INTEROP_TESTS:=.sh} + @if [ "x$?" = "x" ]; then exit 0; fi; \ + for TEST in ""$?; do \ + echo "run test $${TEST}" ... 1>&2; \ + (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ + done + diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh new file mode 100644 index 00000000..e9196d62 --- /dev/null +++ b/regress/putty-ciphers.sh @@ -0,0 +1,30 @@ +# $OpenBSD: putty-ciphers.sh,v 1.1 2007/12/21 04:13:53 djm Exp $ +# Placed in the Public Domain. + +tid="putty ciphers" + +DATA=/bin/ls +COPY=${OBJ}/copy + +set -e + +if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then + fatal "putty interop tests not enabled" +fi + +for c in aes blowfish 3des arcfour ; do + verbose "$tid: cipher $c" + cp ${OBJ}/.putty/sessions/localhost_proxy \ + ${OBJ}/.putty/sessions/cipher_$c + echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c + + rm -f ${COPY} + env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \ + 127.0.0.1 cat ${DATA} > ${COPY} + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi + cmp ${DATA} ${COPY} || fail "corrupted copy" +done +rm -f ${COPY} + diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh new file mode 100644 index 00000000..d0437c6d --- /dev/null +++ b/regress/putty-kex.sh @@ -0,0 +1,27 @@ +# $OpenBSD: putty-kex.sh,v 1.1 2007/12/21 04:13:53 djm Exp $ +# Placed in the Public Domain. + +tid="putty KEX" + +DATA=/bin/ls +COPY=${OBJ}/copy + +set -e + +if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then + fatal "putty interop tests not enabled" +fi + +for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do + verbose "$tid: kex $k" + cp ${OBJ}/.putty/sessions/localhost_proxy \ + ${OBJ}/.putty/sessions/kex_$k + echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k + + env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \ + 127.0.0.1 true + if [ $? -ne 0 ]; then + fail "KEX $k failed" + fi +done + diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh new file mode 100644 index 00000000..0a4f34ee --- /dev/null +++ b/regress/putty-transfer.sh @@ -0,0 +1,45 @@ +# $OpenBSD: putty-transfer.sh,v 1.1 2007/12/21 04:13:53 djm Exp $ +# Placed in the Public Domain. + +tid="putty transfer data" + +DATA=/bin/ls +COPY=${OBJ}/copy + +set -e + +if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then + fatal "putty interop tests not enabled" +fi + +# XXX support protocol 1 too +for p in 2; do + for c in 0 1 ; do + verbose "$tid: proto $p compression $c" + rm -f ${COPY} + cp ${OBJ}/.putty/sessions/localhost_proxy \ + ${OBJ}/.putty/sessions/compression_$c + echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k + env HOME=$PWD ${PLINK} -load compression_$c -batch \ + -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY} + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi + cmp ${DATA} ${COPY} || fail "corrupted copy" + + for s in 10 100 1k 32k 64k 128k 256k; do + trace "proto $p compression $c dd-size ${s}" + rm -f ${COPY} + dd if=$DATA obs=${s} 2> /dev/null | \ + env HOME=$PWD ${PLINK} -load compression_$c \ + -batch -i putty.rsa$p 127.0.0.1 \ + "cat > ${COPY}" + if [ $? -ne 0 ]; then + fail "ssh cat $DATA failed" + fi + cmp $DATA ${COPY} || fail "corrupted copy" + done + done +done +rm -f ${COPY} + diff --git a/regress/ssh2putty.sh b/regress/ssh2putty.sh new file mode 100755 index 00000000..82dd4478 --- /dev/null +++ b/regress/ssh2putty.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then + echo "Usage: ssh2putty hostname port ssh-private-key" + exit 1 +fi + +HOST=$1 +PORT=$2 +KEYFILE=$3 + +# XXX - support DSA keys too +if ! grep -q "BEGIN RSA PRIVATE KEY" $KEYFILE ; then + echo "Unsupported private key format" + exit 1 +fi + +public_exponent=` + openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent | + sed 's/.*(//;s/).*//' +` +test $? -ne 0 && exit 1 + +modulus=` + openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= | + sed 's/^Modulus=/0x/' | tr A-Z a-z +` +test $? -ne 0 && exit 1 + +echo "rsa2@$PORT:$HOST $public_exponent,$modulus" + diff --git a/regress/test-exec.sh b/regress/test-exec.sh index e4477806..1eb9ff72 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.30 2007/10/26 05:30:01 djm Exp $ +# $OpenBSD: test-exec.sh,v 1.31 2007/12/21 04:13:53 djm Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -69,6 +69,10 @@ SFTP=sftp SFTPSERVER=/usr/libexec/openssh/sftp-server SCP=scp +# Interop testing +PLINK=/usr/local/bin/plink +PUTTYGEN=/usr/local/bin/puttygen + if [ "x$TEST_SSH_SSH" != "x" ]; then SSH="${TEST_SSH_SSH}" fi @@ -96,6 +100,12 @@ fi if [ "x$TEST_SSH_SCP" != "x" ]; then SCP="${TEST_SSH_SCP}" fi +if [ "x$TEST_SSH_PLINK" != "x" ]; then + PLINK="${TEST_SSH_PLINK}" +fi +if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then + PUTTYGEN="${TEST_SSH_PUTTYGEN}" +fi # Path to sshd must be absolute for rexec case "$SSHD" in @@ -269,6 +279,34 @@ for t in rsa rsa1; do done chmod 644 $OBJ/authorized_keys_$USER +# If PuTTY is present, prepare keys and configuration +REGRESS_INTEROP_PUTTY=no +if test -x $PUTTYGEN -a -x $PLINK ; then + mkdir -p ${OBJ}/.putty + + # Add a PuTTY key to authorized_keys + rm -f ${OBJ}/putty.rsa2 + puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null + puttygen -O public-openssh ${OBJ}/putty.rsa2 \ + >> $OBJ/authorized_keys_$USER + + # Convert rsa2 host key to PuTTY format + ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \ + ${OBJ}/.putty/sshhostkeys + ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \ + ${OBJ}/.putty/sshhostkeys + + # Setup proxied session + mkdir -p ${OBJ}/.putty/sessions + rm -f ${OBJ}/.putty/sessions/localhost_proxy + echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy + + REGRESS_INTEROP_PUTTY=yes +fi + # create a proxy version of the client config ( cat $OBJ/ssh_config @@ -281,8 +319,8 @@ ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken" start_sshd () { # start sshd - $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken" - $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1 + $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" + $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1 trace "wait for sshd" i=0; -- cgit v1.2.3