- djm@cvs.openbsd.org 2007/12/21 04:13:53

[regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh] [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh] basic (crypto, kex and transfer) interop regression tests against putty To run these, install putty and run "make interop-tests" from the build directory - the tests aren't run by default yet.
2008-03-13 00:17:00 +11:00 · 2008-03-13 00:17:00 +11:00 · af78493bba
parent 4cd5fbab4d
commit af78493bba
7 changed files with 196 additions and 7 deletions
--- a/8
+++ b/8
@ -13,6 +13,12 @@
     unbreak lls command and add a regress test that would have caught the
     breakage; spotted by mouring@
     NB. sftp code change already committed.
+   - djm@cvs.openbsd.org 2007/12/21 04:13:53
+     [regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
+     [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
+     basic (crypto, kex and transfer) interop regression tests against putty
+     To run these, install putty and run "make interop-tests" from the build
+     directory - the tests aren't run by default yet.

 20080311
 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: Move
@ -3734,4 +3740,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@

-$Id: ChangeLog,v 1.4869 2008/03/12 12:59:43 djm Exp $
+$Id: ChangeLog,v 1.4870 2008/03/12 13:17:00 djm Exp $
--- a/regress/Makefile
+++ b/regress/Makefile
@ -1,8 +1,11 @@
-#	$OpenBSD: Makefile,v 1.43 2007/10/29 06:57:13 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.44 2007/12/21 04:13:53 djm Exp $

 REGRESS_TARGETS=	t1 t2 t3 t4 t5 t6 t7 t-exec
 tests:		$(REGRESS_TARGETS)

+# Interop tests are not run by default
+interop: t-exec-interop
+
 clean:
 	for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
 distclean:	clean
@ -45,6 +48,9 @@ LTESTS= 	connect \
 		localcommand \
 		forcecommand

+INTEROP_TESTS=	putty-transfer putty-ciphers putty-kex
+#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
+
 USER!=		id -un
 CLEANFILES=	t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
 		authorized_keys_${USER} known_hosts pidfile \
@ -55,8 +61,6 @@ CLEANFILES=	t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
 		scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \
 		sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv

-#LTESTS +=	ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
-
 t1:
 	ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv

@ -97,3 +101,11 @@ t-exec:	${LTESTS:=.sh}
 		echo "run test $${TEST}" ... 1>&2; \
 		(env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
 	done
+
+t-exec-interop:	${INTEROP_TESTS:=.sh}
+	@if [ "x$?" = "x" ]; then exit 0; fi; \
+	for TEST in ""$?; do \
+		echo "run test $${TEST}" ... 1>&2; \
+		(env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+	done
+
--- a/regress/putty-ciphers.sh
+++ b/regress/putty-ciphers.sh
@ -0,0 +1,30 @@
+#	$OpenBSD: putty-ciphers.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+#	Placed in the Public Domain.
+
+tid="putty ciphers"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+	fatal "putty interop tests not enabled"
+fi
+
+for c in aes blowfish 3des arcfour ; do
+	verbose "$tid: cipher $c"
+	cp ${OBJ}/.putty/sessions/localhost_proxy \
+	    ${OBJ}/.putty/sessions/cipher_$c
+	echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+
+	rm -f ${COPY}
+	env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \
+	    127.0.0.1 cat ${DATA} > ${COPY}
+	if [ $? -ne 0 ]; then
+		fail "ssh cat $DATA failed"
+	fi
+	cmp ${DATA} ${COPY}		|| fail "corrupted copy"
+done
+rm -f ${COPY}
+
--- a/regress/putty-kex.sh
+++ b/regress/putty-kex.sh
@ -0,0 +1,27 @@
+#	$OpenBSD: putty-kex.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+#	Placed in the Public Domain.
+
+tid="putty KEX"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+	fatal "putty interop tests not enabled"
+fi
+
+for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
+	verbose "$tid: kex $k"
+	cp ${OBJ}/.putty/sessions/localhost_proxy \
+	    ${OBJ}/.putty/sessions/kex_$k
+	echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
+
+	env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \
+	    127.0.0.1 true
+	if [ $? -ne 0 ]; then
+		fail "KEX $k failed"
+	fi
+done
+
--- a/regress/putty-transfer.sh
+++ b/regress/putty-transfer.sh
@ -0,0 +1,45 @@
+#	$OpenBSD: putty-transfer.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+#	Placed in the Public Domain.
+
+tid="putty transfer data"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+	fatal "putty interop tests not enabled"
+fi
+
+# XXX support protocol 1 too
+for p in 2; do
+	for c in 0 1 ; do 
+	verbose "$tid: proto $p compression $c"
+		rm -f ${COPY}
+		cp ${OBJ}/.putty/sessions/localhost_proxy \
+		    ${OBJ}/.putty/sessions/compression_$c
+		echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
+		env HOME=$PWD ${PLINK} -load compression_$c -batch \
+		    -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
+		if [ $? -ne 0 ]; then
+			fail "ssh cat $DATA failed"
+		fi
+		cmp ${DATA} ${COPY}		|| fail "corrupted copy"
+	
+		for s in 10 100 1k 32k 64k 128k 256k; do
+			trace "proto $p compression $c dd-size ${s}"
+			rm -f ${COPY}
+			dd if=$DATA obs=${s} 2> /dev/null | \
+				env HOME=$PWD ${PLINK} -load compression_$c \
+				    -batch -i putty.rsa$p 127.0.0.1 \
+				    "cat > ${COPY}"
+			if [ $? -ne 0 ]; then
+				fail "ssh cat $DATA failed"
+			fi
+			cmp $DATA ${COPY}	|| fail "corrupted copy"
+		done
+	done
+done
+rm -f ${COPY}
+
--- a/regress/ssh2putty.sh
+++ b/regress/ssh2putty.sh
@ -0,0 +1,31 @@
+#!/bin/sh
+
+if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
+	echo "Usage: ssh2putty hostname port ssh-private-key"
+	exit 1
+fi
+
+HOST=$1
+PORT=$2
+KEYFILE=$3
+
+# XXX - support DSA keys too
+if ! grep -q "BEGIN RSA PRIVATE KEY" $KEYFILE ; then
+	echo "Unsupported private key format"
+	exit 1
+fi
+
+public_exponent=`
+	openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent | 
+	sed 's/.*(//;s/).*//'
+`
+test $? -ne 0 && exit 1
+
+modulus=`
+	openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= | 
+	sed 's/^Modulus=/0x/' | tr A-Z a-z
+`
+test $? -ne 0 && exit 1
+
+echo "rsa2@$PORT:$HOST $public_exponent,$modulus"
+
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.30 2007/10/26 05:30:01 djm Exp $
+#	$OpenBSD: test-exec.sh,v 1.31 2007/12/21 04:13:53 djm Exp $
 #	Placed in the Public Domain.

 #SUDO=sudo
@ -69,6 +69,10 @@ SFTP=sftp
 SFTPSERVER=/usr/libexec/openssh/sftp-server
 SCP=scp

+# Interop testing
+PLINK=/usr/local/bin/plink
+PUTTYGEN=/usr/local/bin/puttygen
+
 if [ "x$TEST_SSH_SSH" != "x" ]; then
 	SSH="${TEST_SSH_SSH}"
 fi
@ -96,6 +100,12 @@ fi
 if [ "x$TEST_SSH_SCP" != "x" ]; then
 	SCP="${TEST_SSH_SCP}"
 fi
+if [ "x$TEST_SSH_PLINK" != "x" ]; then
+	PLINK="${TEST_SSH_PLINK}"
+fi
+if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
+	PUTTYGEN="${TEST_SSH_PUTTYGEN}"
+fi

 # Path to sshd must be absolute for rexec
 case "$SSHD" in
@ -269,6 +279,34 @@ for t in rsa rsa1; do
 done
 chmod 644 $OBJ/authorized_keys_$USER

+# If PuTTY is present, prepare keys and configuration
+REGRESS_INTEROP_PUTTY=no
+if test -x $PUTTYGEN -a -x $PLINK ; then
+	mkdir -p ${OBJ}/.putty
+
+	# Add a PuTTY key to authorized_keys
+	rm -f ${OBJ}/putty.rsa2
+	puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
+	puttygen -O public-openssh ${OBJ}/putty.rsa2 \
+	    >> $OBJ/authorized_keys_$USER
+
+	# Convert rsa2 host key to PuTTY format
+	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
+	    ${OBJ}/.putty/sshhostkeys
+	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
+	    ${OBJ}/.putty/sshhostkeys
+
+	# Setup proxied session
+	mkdir -p ${OBJ}/.putty/sessions
+	rm -f ${OBJ}/.putty/sessions/localhost_proxy
+	echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
+	echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
+	echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
+	echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy 
+
+	REGRESS_INTEROP_PUTTY=yes
+fi
+
 # create a proxy version of the client config
 (
 	cat $OBJ/ssh_config
@ -281,8 +319,8 @@ ${SSHD} -t -f $OBJ/sshd_proxy	|| fatal "sshd_proxy broken"
 start_sshd ()
 {
 	# start sshd
-	$SUDO ${SSHD} -f $OBJ/sshd_config -t	|| fatal "sshd_config broken"
-	$SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1
+	$SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
+	$SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1

 	trace "wait for sshd"
 	i=0;