authorDamien Miller <djm@cvs.openbsd.org>2007-12-21 04:13:54 +0000
committerDamien Miller <djm@cvs.openbsd.org>2007-12-21 04:13:54 +0000
commited4d4b9f9a3d1a77939981eaa41b92675a86f185 (patch)
treedc7a69b9cab9eb533d9fbe31df76b670f4e0a2e0
parent8b12679a963566c41b82af56575e1e605b61b538 (diff)
basic (crypto, kex and transfer) interop regression tests against putty
To run these, install the net/putty port and run "make interop" - the tests aren't run by default yet.
-rw-r--r--regress/usr.bin/ssh/Makefile26
-rw-r--r--regress/usr.bin/ssh/putty-ciphers.sh30
-rw-r--r--regress/usr.bin/ssh/putty-kex.sh27
-rw-r--r--regress/usr.bin/ssh/putty-transfer.sh45
-rwxr-xr-xregress/usr.bin/ssh/ssh2putty.sh31
-rw-r--r--regress/usr.bin/ssh/test-exec.sh44
6 files changed, 195 insertions, 8 deletions
diff --git a/regress/usr.bin/ssh/Makefile b/regress/usr.bin/ssh/Makefile
index 113443dd5e7..a848b46ba3d 100644
--- a/regress/usr.bin/ssh/Makefile
+++ b/regress/usr.bin/ssh/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.43 2007/10/29 06:57:13 dtucker Exp $
+# $OpenBSD: Makefile,v 1.44 2007/12/21 04:13:53 djm Exp $
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7
@@ -42,6 +42,10 @@ LTESTS= connect \
localcommand \
forcecommand
+INTEROP_TESTS= putty-transfer putty-ciphers putty-kex
+#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
+
+
USER!= id -un
CLEANFILES+= authorized_keys_${USER} known_hosts pidfile \
ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \
@@ -51,8 +55,6 @@ CLEANFILES+= authorized_keys_${USER} known_hosts pidfile \
scp-ssh-wrapper.exe ssh_proxy_envpass remote_pid \
sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv
-#LTESTS+= ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
-
t1:
ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv
@@ -91,10 +93,24 @@ t7: t7.out
ssh-keygen -lf t7.out > /dev/null
ssh-keygen -Bf t7.out > /dev/null
-.for t in ${LTESTS}
-REGRESS_TARGETS+=t-${t}
+.for t in ${LTESTS} ${INTEROP_TESTS}
t-${t}:
env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
.endfor
+.for t in ${LTESTS}
+REGRESS_TARGETS+=t-${t}
+.endfor
+
+.for t in ${INTEROP_TESTS}
+INTEROP_TARGETS+=t-${t}
+.endfor
+
+# Not run by default
+interop: ${INTEROP_TARGETS}
+
+clean:
+ rm -f ${CLEANFILES}
+ rm -rf .putty
+
.include <bsd.regress.mk>
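Review bot: The new `clean` target removes `.putty` but not the PuTTY private key that test-exec.sh generates as `${OBJ}/putty.rsa2`. No hunk in this commit adds that file to `CLEANFILES`, so it survives `make clean` unless the part of the list outside these hunks already names it. Adding `CLEANFILES+= putty.rsa2` next to the existing list would cover it. A short comment above `clean:` such as `# .putty is a directory, so rm -f ${CLEANFILES} cannot remove it` would explain why the target is defined here; whether bsd.regress.mk also supplies a `clean` rule is not visible from this hunk.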
diff --git a/regress/usr.bin/ssh/putty-ciphers.sh b/regress/usr.bin/ssh/putty-ciphers.sh
new file mode 100644
index 00000000000..e9196d62148
--- /dev/null
+++ b/regress/usr.bin/ssh/putty-ciphers.sh
@@ -0,0 +1,30 @@
+# $OpenBSD: putty-ciphers.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty ciphers"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ fatal "putty interop tests not enabled"
+fi
+
+for c in aes blowfish 3des arcfour ; do
+ verbose "$tid: cipher $c"
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/cipher_$c
+ echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+
+ rm -f ${COPY}
+ env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \
+ 127.0.0.1 cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+done
+rm -f ${COPY}
+
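Review bot: With `set -e` in effect, a failing plink command in the cipher loop ends the shell at once, so the `if [ $? -ne 0 ]` check after it can never call `fail` and the failure is not recorded under the test's name. Either drop `set -e` or attach the handler to the command itself, as the `cmp` line already does: `... 127.0.0.1 cat ${DATA} > ${COPY} || fail "ssh cat $DATA failed"`. The same pattern appears in putty-kex.sh (the `true` probe) and in putty-transfer.sh (both plink invocations). If test-exec.sh sources these scripts rather than executing them, which this hunk does not show, the early exit would presumably also skip the harness's own cleanup.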
diff --git a/regress/usr.bin/ssh/putty-kex.sh b/regress/usr.bin/ssh/putty-kex.sh
new file mode 100644
index 00000000000..d0437c6d568
--- /dev/null
+++ b/regress/usr.bin/ssh/putty-kex.sh
@@ -0,0 +1,27 @@
+# $OpenBSD: putty-kex.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty KEX"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ fatal "putty interop tests not enabled"
+fi
+
+for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
+ verbose "$tid: kex $k"
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/kex_$k
+ echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
+
+ env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \
+ 127.0.0.1 true
+ if [ $? -ne 0 ]; then
+ fail "KEX $k failed"
+ fi
+done
+
diff --git a/regress/usr.bin/ssh/putty-transfer.sh b/regress/usr.bin/ssh/putty-transfer.sh
new file mode 100644
index 00000000000..0a4f34ee6dc
--- /dev/null
+++ b/regress/usr.bin/ssh/putty-transfer.sh
@@ -0,0 +1,45 @@
+# $OpenBSD: putty-transfer.sh,v 1.1 2007/12/21 04:13:53 djm Exp $
+# Placed in the Public Domain.
+
+tid="putty transfer data"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+set -e
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ fatal "putty interop tests not enabled"
+fi
+
+# XXX support protocol 1 too
+for p in 2; do
+ for c in 0 1 ; do
+ verbose "$tid: proto $p compression $c"
+ rm -f ${COPY}
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/compression_$c
+ echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
+ env HOME=$PWD ${PLINK} -load compression_$c -batch \
+ -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ trace "proto $p compression $c dd-size ${s}"
+ rm -f ${COPY}
+ dd if=$DATA obs=${s} 2> /dev/null | \
+ env HOME=$PWD ${PLINK} -load compression_$c \
+ -batch -i putty.rsa$p 127.0.0.1 \
+ "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ done
+ done
+done
+rm -f ${COPY}
+
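Review bot: The `echo "Compression=$c"` line appends to `.putty/sessions/kex_$k`, but `$k` is never set in this script and the session plink loads is `compression_$c`. The Compression setting therefore never reaches the session under test, and both passes of the `c` loop appear to run with whatever PuTTY defaults to. Point the append at the session just copied: `echo "Compression=$c" >> ${OBJ}/.putty/sessions/compression_$c`. The upload loop also reuses the message `ssh cat $DATA failed` although that step writes to the remote side; `fail "ssh cat > $COPY failed"` would make the two failures distinguishable in the log.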
diff --git a/regress/usr.bin/ssh/ssh2putty.sh b/regress/usr.bin/ssh/ssh2putty.sh
new file mode 100755
index 00000000000..82dd4478739
--- /dev/null
+++ b/regress/usr.bin/ssh/ssh2putty.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
+ echo "Usage: ssh2putty hostname port ssh-private-key"
+ exit 1
+fi
+
+HOST=$1
+PORT=$2
+KEYFILE=$3
+
+# XXX - support DSA keys too
+if ! grep -q "BEGIN RSA PRIVATE KEY" $KEYFILE ; then
+ echo "Unsupported private key format"
+ exit 1
+fi
+
+public_exponent=`
+ openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent |
+ sed 's/.*(//;s/).*//'
+`
+test $? -ne 0 && exit 1
+
+modulus=`
+ openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= |
+ sed 's/^Modulus=/0x/' | tr A-Z a-z
+`
+test $? -ne 0 && exit 1
+
+echo "rsa2@$PORT:$HOST $public_exponent,$modulus"
+
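Review bot: The `test $? -ne 0 && exit 1` checks after both backtick pipelines see only the status of the last stage (`sed` or `tr`), so an `openssl rsa` failure goes unnoticed and the script prints a host key line with an empty exponent or modulus. Test the captured values instead: `test -n "$public_exponent" || exit 1` and `test -n "$modulus" || exit 1`. `$KEYFILE` should also be quoted in the `grep` and `openssl` calls so that a key path containing spaces is not split into several arguments.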
diff --git a/regress/usr.bin/ssh/test-exec.sh b/regress/usr.bin/ssh/test-exec.sh
index 06aaffd5944..1482a2539f7 100644
--- a/regress/usr.bin/ssh/test-exec.sh
+++ b/regress/usr.bin/ssh/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.30 2007/10/26 05:30:01 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.31 2007/12/21 04:13:53 djm Exp $
# Placed in the Public Domain.
USER=`id -un`
@@ -49,6 +49,10 @@ SFTP=sftp
SFTPSERVER=/usr/libexec/sftp-server
SCP=scp
+# Interop testing
+PLINK=/usr/local/bin/plink
+PUTTYGEN=/usr/local/bin/puttygen
+
if [ "x$TEST_SSH_SSH" != "x" ]; then
SSH="${TEST_SSH_SSH}"
fi
@@ -76,6 +80,12 @@ fi
if [ "x$TEST_SSH_SCP" != "x" ]; then
SCP="${TEST_SSH_SCP}"
fi
+if [ "x$TEST_SSH_PLINK" != "x" ]; then
+ PLINK="${TEST_SSH_PLINK}"
+fi
+if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
+ PUTTYGEN="${TEST_SSH_PUTTYGEN}"
+fi
# Path to sshd must be absolute for rexec
if [ ! -x /$SSHD ]; then
@@ -222,6 +232,34 @@ for t in rsa rsa1; do
done
chmod 644 $OBJ/authorized_keys_$USER
+# If PuTTY is present, prepare keys and configuration
+REGRESS_INTEROP_PUTTY=no
+if test -x $PUTTYGEN -a -x $PLINK ; then
+ mkdir -p ${OBJ}/.putty
+
+ # Add a PuTTY key to authorized_keys
+ rm -f ${OBJ}/putty.rsa2
+ puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
+ puttygen -O public-openssh ${OBJ}/putty.rsa2 \
+ >> $OBJ/authorized_keys_$USER
+
+ # Convert rsa2 host key to PuTTY format
+ ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
+ ${OBJ}/.putty/sshhostkeys
+ ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
+ ${OBJ}/.putty/sshhostkeys
+
+ # Setup proxied session
+ mkdir -p ${OBJ}/.putty/sessions
+ rm -f ${OBJ}/.putty/sessions/localhost_proxy
+ echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
+
+ REGRESS_INTEROP_PUTTY=yes
+fi
+
# create a proxy version of the client config
(
cat $OBJ/ssh_config
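Review bot: Both key-generation lines call the bare name `puttygen`, although the guard just above tests `-x $PUTTYGEN`, so a `TEST_SSH_PUTTYGEN` override is checked and then ignored and whichever `puttygen` comes first on PATH is what runs. Use the variable in both places: `${PUTTYGEN} -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null` and `${PUTTYGEN} -O public-openssh ${OBJ}/putty.rsa2 \`. Neither call's exit status is checked before `REGRESS_INTEROP_PUTTY=yes` is set, so a failed key generation would only surface later as an authentication failure in the putty-* tests. The block sits in the script's top-level setup, which continues outside this hunk.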
@@ -234,8 +272,8 @@ ${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
start_sshd ()
{
# start sshd
- $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken"
- $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1
+ $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
+ $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1
trace "wait for sshd"
i=0;