- djm@cvs.openbsd.org 2007/12/21 04:13:53
[regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
[regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
basic (crypto, kex and transfer) interop regression tests against putty
To run these, install putty and run "make interop-tests" from the build
directory - the tests aren't run by default yet.
diff --git a/ChangeLog b/ChangeLog
index e1d1d6e..b7148f7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,12 @@
unbreak lls command and add a regress test that would have caught the
breakage; spotted by mouring@
NB. sftp code change already committed.
+ - djm@cvs.openbsd.org 2007/12/21 04:13:53
+ [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
+ [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
+ basic (crypto, kex and transfer) interop regression tests against putty
+ To run these, install putty and run "make interop-tests" from the build
+ directory - the tests aren't run by default yet.
20080311
- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
@@ -3734,4 +3740,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4869 2008/03/12 12:59:43 djm Exp $
+$Id: ChangeLog,v 1.4870 2008/03/12 13:17:00 djm Exp $
diff --git a/regress/Makefile b/regress/Makefile
index 196020d..7b571f7 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,8 +1,11 @@
-# $OpenBSD: Makefile,v 1.43 2007/10/29 06:57:13 dtucker Exp $
+# $OpenBSD: Makefile,v 1.44 2007/12/21 04:13:53 djm Exp $
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec
tests: $(REGRESS_TARGETS)
+# Interop tests are not run by default
+interop: t-exec-interop
+
clean:
for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
distclean: clean
@@ -45,6 +48,9 @@
localcommand \
forcecommand
+INTEROP_TESTS= putty-transfer putty-ciphers putty-kex
+#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
+
USER!= id -un
CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
authorized_keys_${USER} known_hosts pidfile \
@@ -55,8 +61,6 @@
scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \
sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv
-#LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
-
t1:
ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
@@ -97,3 +101,11 @@
echo "run test $${TEST}" ... 1>&2; \
(env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
done
+
+t-exec-interop: ${INTEROP_TESTS:=.sh}
+ @if [ "x$?" = "x" ]; then exit 0; fi; \
+ for TEST in ""$?; do \
+ echo "run test $${TEST}" ... 1>&2; \
+ (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+ done
+
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
new file mode 100644
index 0000000..e9196d6
--- /dev/null
+++ b/regress/putty-ciphers.sh
@@ -0,0 +1,30 @@
+# $OpenBSD: putty-ciphers.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty ciphers"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ fatal "putty interop tests not enabled"
+fi
+
+for c in aes blowfish 3des arcfour ; do
+ verbose "$tid: cipher $c"
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/cipher_$c
+ echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+
+ rm -f ${COPY}
+ env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \
+ 127.0.0.1 cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+done
+rm -f ${COPY}
+
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh
new file mode 100644
index 0000000..d0437c6
--- /dev/null
+++ b/regress/putty-kex.sh
@@ -0,0 +1,27 @@
+# $OpenBSD: putty-kex.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty KEX"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ fatal "putty interop tests not enabled"
+fi
+
+for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
+ verbose "$tid: kex $k"
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/kex_$k
+ echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
+
+ env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \
+ 127.0.0.1 true
+ if [ $? -ne 0 ]; then
+ fail "KEX $k failed"
+ fi
+done
+
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh
new file mode 100644
index 0000000..0a4f34e
--- /dev/null
+++ b/regress/putty-transfer.sh
@@ -0,0 +1,45 @@
+# $OpenBSD: putty-transfer.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty transfer data"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ fatal "putty interop tests not enabled"
+fi
+
+# XXX support protocol 1 too
+for p in 2; do
+ for c in 0 1 ; do
+ verbose "$tid: proto $p compression $c"
+ rm -f ${COPY}
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/compression_$c
+ echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
+ env HOME=$PWD ${PLINK} -load compression_$c -batch \
+ -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ trace "proto $p compression $c dd-size ${s}"
+ rm -f ${COPY}
+ dd if=$DATA obs=${s} 2> /dev/null | \
+ env HOME=$PWD ${PLINK} -load compression_$c \
+ -batch -i putty.rsa$p 127.0.0.1 \
+ "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ done
+ done
+done
+rm -f ${COPY}
+
diff --git a/regress/ssh2putty.sh b/regress/ssh2putty.sh
new file mode 100755
index 0000000..82dd447
--- /dev/null
+++ b/regress/ssh2putty.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
+ echo "Usage: ssh2putty hostname port ssh-private-key"
+ exit 1
+fi
+
+HOST=$1
+PORT=$2
+KEYFILE=$3
+
+# XXX - support DSA keys too
+if ! grep -q "BEGIN RSA PRIVATE KEY" $KEYFILE ; then
+ echo "Unsupported private key format"
+ exit 1
+fi
+
+public_exponent=`
+ openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent |
+ sed 's/.*(//;s/).*//'
+`
+test $? -ne 0 && exit 1
+
+modulus=`
+ openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= |
+ sed 's/^Modulus=/0x/' | tr A-Z a-z
+`
+test $? -ne 0 && exit 1
+
+echo "rsa2@$PORT:$HOST $public_exponent,$modulus"
+
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index e447780..1eb9ff7 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.30 2007/10/26 05:30:01 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.31 2007/12/21 04:13:53 djm Exp $
# Placed in the Public Domain.
#SUDO=sudo
@@ -69,6 +69,10 @@
SFTPSERVER=/usr/libexec/openssh/sftp-server
SCP=scp
+# Interop testing
+PLINK=/usr/local/bin/plink
+PUTTYGEN=/usr/local/bin/puttygen
+
if [ "x$TEST_SSH_SSH" != "x" ]; then
SSH="${TEST_SSH_SSH}"
fi
@@ -96,6 +100,12 @@
if [ "x$TEST_SSH_SCP" != "x" ]; then
SCP="${TEST_SSH_SCP}"
fi
+if [ "x$TEST_SSH_PLINK" != "x" ]; then
+ PLINK="${TEST_SSH_PLINK}"
+fi
+if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
+ PUTTYGEN="${TEST_SSH_PUTTYGEN}"
+fi
# Path to sshd must be absolute for rexec
case "$SSHD" in
@@ -269,6 +279,34 @@
done
chmod 644 $OBJ/authorized_keys_$USER
+# If PuTTY is present, prepare keys and configuration
+REGRESS_INTEROP_PUTTY=no
+if test -x $PUTTYGEN -a -x $PLINK ; then
+ mkdir -p ${OBJ}/.putty
+
+ # Add a PuTTY key to authorized_keys
+ rm -f ${OBJ}/putty.rsa2
+ puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
+ puttygen -O public-openssh ${OBJ}/putty.rsa2 \
+ >> $OBJ/authorized_keys_$USER
+
+ # Convert rsa2 host key to PuTTY format
+ ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
+ ${OBJ}/.putty/sshhostkeys
+ ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
+ ${OBJ}/.putty/sshhostkeys
+
+ # Setup proxied session
+ mkdir -p ${OBJ}/.putty/sessions
+ rm -f ${OBJ}/.putty/sessions/localhost_proxy
+ echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
+
+ REGRESS_INTEROP_PUTTY=yes
+fi
+
# create a proxy version of the client config
(
cat $OBJ/ssh_config
@@ -281,8 +319,8 @@
start_sshd ()
{
# start sshd
- $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken"
- $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1
+ $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
+ $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1
trace "wait for sshd"
i=0;