Move some tests into the test subdirectory.

Now testcrypt has _two_ header files, that's more files than I want at
the top level, so I decided to move it.

It has a good claim to live in either 'test' or 'crypto', but in the
end I decided it wasn't quite specific enough to crypto (it already
also tests things in keygen and proxy), and also, the Python half of
the mechanism already lives in 'test', so it can live alongside that.

Having done that, it seemed silly to leave testsc and testzlib at the
top level: those have 'test' in the names as well, so they can go in
the test subdir as well.

While I'm renaming, also renamed testcrypt.h to testcrypt-func.h to
distinguish it from the new testcrypt-enum.h.

test/testcrypt-enum.h

@@ -0,0 +1,144 @@
+BEGIN_ENUM_TYPE(hashalg)
+    ENUM_VALUE("md5", &ssh_md5)
+    ENUM_VALUE("sha1", &ssh_sha1)
+    ENUM_VALUE("sha1_sw", &ssh_sha1_sw)
+    ENUM_VALUE("sha256", &ssh_sha256)
+    ENUM_VALUE("sha384", &ssh_sha384)
+    ENUM_VALUE("sha512", &ssh_sha512)
+    ENUM_VALUE("sha256_sw", &ssh_sha256_sw)
+    ENUM_VALUE("sha384_sw", &ssh_sha384_sw)
+    ENUM_VALUE("sha512_sw", &ssh_sha512_sw)
+#if HAVE_SHA_NI
+    ENUM_VALUE("sha1_ni", &ssh_sha1_ni)
+    ENUM_VALUE("sha256_ni", &ssh_sha256_ni)
+#endif
+#if HAVE_NEON_CRYPTO
+    ENUM_VALUE("sha1_neon", &ssh_sha1_neon)
+    ENUM_VALUE("sha256_neon", &ssh_sha256_neon)
+#endif
+#if HAVE_NEON_SHA512
+    ENUM_VALUE("sha384_neon", &ssh_sha384_neon)
+    ENUM_VALUE("sha512_neon", &ssh_sha512_neon)
+#endif
+    ENUM_VALUE("sha3_224", &ssh_sha3_224)
+    ENUM_VALUE("sha3_256", &ssh_sha3_256)
+    ENUM_VALUE("sha3_384", &ssh_sha3_384)
+    ENUM_VALUE("sha3_512", &ssh_sha3_512)
+    ENUM_VALUE("shake256_114bytes", &ssh_shake256_114bytes)
+    ENUM_VALUE("blake2b", &ssh_blake2b)
+END_ENUM_TYPE(hashalg)
+
+BEGIN_ENUM_TYPE(macalg)
+    ENUM_VALUE("hmac_md5", &ssh_hmac_md5)
+    ENUM_VALUE("hmac_sha1", &ssh_hmac_sha1)
+    ENUM_VALUE("hmac_sha1_buggy", &ssh_hmac_sha1_buggy)
+    ENUM_VALUE("hmac_sha1_96", &ssh_hmac_sha1_96)
+    ENUM_VALUE("hmac_sha1_96_buggy", &ssh_hmac_sha1_96_buggy)
+    ENUM_VALUE("hmac_sha256", &ssh_hmac_sha256)
+    ENUM_VALUE("poly1305", &ssh2_poly1305)
+END_ENUM_TYPE(macalg)
+
+BEGIN_ENUM_TYPE(keyalg)
+    ENUM_VALUE("dsa", &ssh_dsa)
+    ENUM_VALUE("rsa", &ssh_rsa)
+    ENUM_VALUE("ed25519", &ssh_ecdsa_ed25519)
+    ENUM_VALUE("ed448", &ssh_ecdsa_ed448)
+    ENUM_VALUE("p256", &ssh_ecdsa_nistp256)
+    ENUM_VALUE("p384", &ssh_ecdsa_nistp384)
+    ENUM_VALUE("p521", &ssh_ecdsa_nistp521)
+END_ENUM_TYPE(keyalg)
+
+BEGIN_ENUM_TYPE(cipheralg)
+    ENUM_VALUE("3des_ctr", &ssh_3des_ssh2_ctr)
+    ENUM_VALUE("3des_ssh2", &ssh_3des_ssh2)
+    ENUM_VALUE("3des_ssh1", &ssh_3des_ssh1)
+    ENUM_VALUE("des_cbc", &ssh_des)
+    ENUM_VALUE("aes256_ctr", &ssh_aes256_sdctr)
+    ENUM_VALUE("aes256_cbc", &ssh_aes256_cbc)
+    ENUM_VALUE("aes192_ctr", &ssh_aes192_sdctr)
+    ENUM_VALUE("aes192_cbc", &ssh_aes192_cbc)
+    ENUM_VALUE("aes128_ctr", &ssh_aes128_sdctr)
+    ENUM_VALUE("aes128_cbc", &ssh_aes128_cbc)
+    ENUM_VALUE("aes256_ctr_sw", &ssh_aes256_sdctr_sw)
+    ENUM_VALUE("aes256_cbc_sw", &ssh_aes256_cbc_sw)
+    ENUM_VALUE("aes192_ctr_sw", &ssh_aes192_sdctr_sw)
+    ENUM_VALUE("aes192_cbc_sw", &ssh_aes192_cbc_sw)
+    ENUM_VALUE("aes128_ctr_sw", &ssh_aes128_sdctr_sw)
+    ENUM_VALUE("aes128_cbc_sw", &ssh_aes128_cbc_sw)
+#if HAVE_AES_NI
+    ENUM_VALUE("aes256_ctr_ni", &ssh_aes256_sdctr_ni)
+    ENUM_VALUE("aes256_cbc_ni", &ssh_aes256_cbc_ni)
+    ENUM_VALUE("aes192_ctr_ni", &ssh_aes192_sdctr_ni)
+    ENUM_VALUE("aes192_cbc_ni", &ssh_aes192_cbc_ni)
+    ENUM_VALUE("aes128_ctr_ni", &ssh_aes128_sdctr_ni)
+    ENUM_VALUE("aes128_cbc_ni", &ssh_aes128_cbc_ni)
+#endif
+#if HAVE_NEON_CRYPTO
+    ENUM_VALUE("aes256_ctr_neon", &ssh_aes256_sdctr_neon)
+    ENUM_VALUE("aes256_cbc_neon", &ssh_aes256_cbc_neon)
+    ENUM_VALUE("aes192_ctr_neon", &ssh_aes192_sdctr_neon)
+    ENUM_VALUE("aes192_cbc_neon", &ssh_aes192_cbc_neon)
+    ENUM_VALUE("aes128_ctr_neon", &ssh_aes128_sdctr_neon)
+    ENUM_VALUE("aes128_cbc_neon", &ssh_aes128_cbc_neon)
+#endif
+    ENUM_VALUE("blowfish_ctr", &ssh_blowfish_ssh2_ctr)
+    ENUM_VALUE("blowfish_ssh2", &ssh_blowfish_ssh2)
+    ENUM_VALUE("blowfish_ssh1", &ssh_blowfish_ssh1)
+    ENUM_VALUE("arcfour256", &ssh_arcfour256_ssh2)
+    ENUM_VALUE("arcfour128", &ssh_arcfour128_ssh2)
+    ENUM_VALUE("chacha20_poly1305", &ssh2_chacha20_poly1305)
+END_ENUM_TYPE(cipheralg)
+
+BEGIN_ENUM_TYPE(dh_group)
+    ENUM_VALUE("group1", &ssh_diffiehellman_group1_sha1)
+    ENUM_VALUE("group14", &ssh_diffiehellman_group14_sha256)
+END_ENUM_TYPE(dh_group)
+
+BEGIN_ENUM_TYPE(ecdh_alg)
+    ENUM_VALUE("curve25519", &ssh_ec_kex_curve25519)
+    ENUM_VALUE("curve448", &ssh_ec_kex_curve448)
+    ENUM_VALUE("nistp256", &ssh_ec_kex_nistp256)
+    ENUM_VALUE("nistp384", &ssh_ec_kex_nistp384)
+    ENUM_VALUE("nistp521", &ssh_ec_kex_nistp521)
+END_ENUM_TYPE(ecdh_alg)
+
+BEGIN_ENUM_TYPE(rsaorder)
+    ENUM_VALUE("exponent_first", RSA_SSH1_EXPONENT_FIRST)
+    ENUM_VALUE("modulus_first", RSA_SSH1_MODULUS_FIRST)
+END_ENUM_TYPE(rsaorder)
+
+BEGIN_ENUM_TYPE(primegenpolicy)
+    ENUM_VALUE("probabilistic", &primegen_probabilistic)
+    ENUM_VALUE("provable_fast", &primegen_provable_fast)
+    ENUM_VALUE("provable_maurer_simple", &primegen_provable_maurer_simple)
+    ENUM_VALUE("provable_maurer_complex", &primegen_provable_maurer_complex)
+END_ENUM_TYPE(primegenpolicy)
+
+BEGIN_ENUM_TYPE(argon2flavour)
+    ENUM_VALUE("d", Argon2d)
+    ENUM_VALUE("i", Argon2i)
+    ENUM_VALUE("id", Argon2id)
+    /* I expect to forget which spelling I chose, so let's support many */
+    ENUM_VALUE("argon2d", Argon2d)
+    ENUM_VALUE("argon2i", Argon2i)
+    ENUM_VALUE("argon2id", Argon2id)
+    ENUM_VALUE("Argon2d", Argon2d)
+    ENUM_VALUE("Argon2i", Argon2i)
+    ENUM_VALUE("Argon2id", Argon2id)
+END_ENUM_TYPE(argon2flavour)
+
+BEGIN_ENUM_TYPE(fptype)
+    ENUM_VALUE("md5", SSH_FPTYPE_MD5)
+    ENUM_VALUE("sha256", SSH_FPTYPE_SHA256)
+END_ENUM_TYPE(fptype)
+
+/*
+ * cproxy.h already has a list macro mapping protocol-specified
+ * strings to the list of HTTP Digest hash functions. Rather than
+ * invent a separate one for testcrypt, reuse the existing names.
+ */
+BEGIN_ENUM_TYPE(httpdigesthash)
+    #define DECL_ARRAY(id, str, alg, bits) ENUM_VALUE(str, id)
+    HTTP_DIGEST_HASHES(DECL_ARRAY)
+    #undef DECL_ARRAY
+END_ENUM_TYPE(httpdigesthash)

test/testcrypt-func.h

@@ -0,0 +1,562 @@
+/*
+ * List of functions exported by the 'testcrypt' system to provide a
+ * Python API for running unit tests and auxiliary programs.
+ *
+ * Each function definition in this file has the form
+ *
+ *   FUNC(return-type, function-name, (arguments))
+ *
+ * where 'arguments' in turn is either VOID, or a comma-separated list
+ * of argument specifications of the form
+ *
+ *   ARG(argument-type, argument-name)
+ *
+ * Type names are always single identifiers, and they have some
+ * standard prefixes:
+ *
+ * 'val_' means that the type refers to something dynamically
+ * allocated, so that it has a persistent identity, needs to be freed
+ * when finished with (though this is done automatically by the
+ * testcrypt.py system via Python's reference counting), and may also
+ * be mutable. The argument type in C will be a pointer; in Python the
+ * corresponding argument will be an instance of a 'Value' object
+ * defined in testcrypt.py.
+ *
+ * 'opt_val_' is a modification of 'val_' to indicate that the pointer
+ * may be NULL. In Python this is translated by accepting (or
+ * returning) None as an alternative to a Value.
+ *
+ * 'out_' on an argument type indicates an additional output
+ * parameter. The argument type in C has an extra layer of
+ * indirection, e.g. an 'out_val_mpint' is an 'mpint **' instead of an
+ * 'mpint *', identifying a pointer variable where the returned
+ * pointer value will be written. In the Python API, these arguments
+ * do not appear in the argument list of the Python function; instead
+ * they cause the return value to become a tuple, with additional
+ * types appended. For example, a declaration like
+ *
+ *    FUNC(val_foo, example, (ARG(out_val_bar, bar), ARG(val_baz, baz)))
+ *
+ * would identify a function in C with the following prototype, which
+ * returns a 'foo *' directly and a 'bar *' by writing it through the
+ * provided 'bar **' pointer argument:
+ *
+ *    foo *example(bar **extra_output, baz *input);
+ *
+ * and in Python this would become a function taking one argument of
+ * type 'baz' and returning a tuple of the form (foo, bar).
+ *
+ * 'out_' and 'opt_' can go together, if a function returns a second
+ * output value but it may in some cases be NULL.
+ *
+ * 'consumed_' on an argument type indicates that the C function
+ * receiving that argument frees it as a side effect.
+ *
+ * Any argument type which does not start 'val_' is plain old data
+ * with no dynamic allocation requirements. Ordinary C integers are
+ * sometimes handled this way (e.g. 'uint'). Other plain-data types
+ * are represented in Python as a string that must be one of a
+ * recognised set of keywords; in C these variously translate into
+ * enumeration types (e.g. argon2flavour, rsaorder) or pointers to
+ * const vtables of one kind or another (e.g. keyalg, hashalg,
+ * primegenpolicy).
+ *
+ * If a function definition begins with FUNC_WRAPPED rather than FUNC,
+ * it means that the underlying C function has a suffix "_wrapper",
+ * e.g. ssh_cipher_setiv_wrapper(). Those wrappers are defined in
+ * testcrypt.c itself, and change the API or semantics in a way that
+ * makes the function more Python-friendly.
+ */
+
+/*
+ * mpint.h functions.
+ */
+FUNC(val_mpint, mp_new, (ARG(uint, maxbits)))
+FUNC(void, mp_clear, (ARG(val_mpint, x)))
+FUNC(val_mpint, mp_from_bytes_le, (ARG(val_string_ptrlen, bytes)))
+FUNC(val_mpint, mp_from_bytes_be, (ARG(val_string_ptrlen, bytes)))
+FUNC(val_mpint, mp_from_integer, (ARG(uint, n)))
+FUNC(val_mpint, mp_from_decimal_pl, (ARG(val_string_ptrlen, decimal)))
+FUNC(val_mpint, mp_from_decimal, (ARG(val_string_asciz, decimal)))
+FUNC(val_mpint, mp_from_hex_pl, (ARG(val_string_ptrlen, hex)))
+FUNC(val_mpint, mp_from_hex, (ARG(val_string_asciz, hex)))
+FUNC(val_mpint, mp_copy, (ARG(val_mpint, x)))
+FUNC(val_mpint, mp_power_2, (ARG(uint, power)))
+FUNC(uint, mp_get_byte, (ARG(val_mpint, x), ARG(uint, byte)))
+FUNC(uint, mp_get_bit, (ARG(val_mpint, x), ARG(uint, bit)))
+FUNC(void, mp_set_bit, (ARG(val_mpint, x), ARG(uint, bit), ARG(uint, val)))
+FUNC(uint, mp_max_bytes, (ARG(val_mpint, x)))
+FUNC(uint, mp_max_bits, (ARG(val_mpint, x)))
+FUNC(uint, mp_get_nbits, (ARG(val_mpint, x)))
+FUNC(val_string_asciz, mp_get_decimal, (ARG(val_mpint, x)))
+FUNC(val_string_asciz, mp_get_hex, (ARG(val_mpint, x)))
+FUNC(val_string_asciz, mp_get_hex_uppercase, (ARG(val_mpint, x)))
+FUNC(uint, mp_cmp_hs, (ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(uint, mp_cmp_eq, (ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(uint, mp_hs_integer, (ARG(val_mpint, x), ARG(uint, n)))
+FUNC(uint, mp_eq_integer, (ARG(val_mpint, x), ARG(uint, n)))
+FUNC(void, mp_min_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(void, mp_max_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_mpint, mp_min, (ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_mpint, mp_max, (ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(void, mp_copy_into, (ARG(val_mpint, dest), ARG(val_mpint, src)))
+FUNC(void, mp_select_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, src0), ARG(val_mpint, src1),
+      ARG(uint, choose_src1)))
+FUNC(void, mp_add_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(void, mp_sub_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(void, mp_mul_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(val_mpint, mp_add, (ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_mpint, mp_sub, (ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_mpint, mp_mul, (ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(void, mp_and_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(void, mp_or_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(void, mp_xor_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(void, mp_bic_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(void, mp_copy_integer_into, (ARG(val_mpint, dest), ARG(uint, n)))
+FUNC(void, mp_add_integer_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(uint, n)))
+FUNC(void, mp_sub_integer_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(uint, n)))
+FUNC(void, mp_mul_integer_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(uint, n)))
+FUNC(void, mp_cond_add_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b),
+      ARG(uint, yes)))
+FUNC(void, mp_cond_sub_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, a), ARG(val_mpint, b),
+      ARG(uint, yes)))
+FUNC(void, mp_cond_swap,
+     (ARG(val_mpint, x0), ARG(val_mpint, x1), ARG(uint, swap)))
+FUNC(void, mp_cond_clear, (ARG(val_mpint, x), ARG(uint, clear)))
+FUNC(void, mp_divmod_into,
+     (ARG(val_mpint, n), ARG(val_mpint, d), ARG(opt_val_mpint, q),
+      ARG(opt_val_mpint, r)))
+FUNC(val_mpint, mp_div, (ARG(val_mpint, n), ARG(val_mpint, d)))
+FUNC(val_mpint, mp_mod, (ARG(val_mpint, x), ARG(val_mpint, modulus)))
+FUNC(val_mpint, mp_nthroot,
+     (ARG(val_mpint, y), ARG(uint, n), ARG(opt_val_mpint, remainder)))
+FUNC(void, mp_reduce_mod_2to, (ARG(val_mpint, x), ARG(uint, p)))
+FUNC(val_mpint, mp_invert_mod_2to, (ARG(val_mpint, x), ARG(uint, p)))
+FUNC(val_mpint, mp_invert, (ARG(val_mpint, x), ARG(val_mpint, modulus)))
+FUNC(void, mp_gcd_into,
+     (ARG(val_mpint, a), ARG(val_mpint, b), ARG(opt_val_mpint, gcd_out),
+      ARG(opt_val_mpint, A_out), ARG(opt_val_mpint, B_out)))
+FUNC(val_mpint, mp_gcd, (ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(uint, mp_coprime, (ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(val_modsqrt, modsqrt_new,
+     (ARG(val_mpint, p), ARG(val_mpint, any_nonsquare_mod_p)))
+/* The modsqrt functions' 'success' pointer becomes a second return value */
+FUNC(val_mpint, mp_modsqrt,
+     (ARG(val_modsqrt, sc), ARG(val_mpint, x), ARG(out_uint, success)))
+FUNC(val_monty, monty_new, (ARG(val_mpint, modulus)))
+FUNC_WRAPPED(val_mpint, monty_modulus, (ARG(val_monty, mc)))
+FUNC_WRAPPED(val_mpint, monty_identity, (ARG(val_monty, mc)))
+FUNC(void, monty_import_into,
+     (ARG(val_monty, mc), ARG(val_mpint, dest), ARG(val_mpint, x)))
+FUNC(val_mpint, monty_import, (ARG(val_monty, mc), ARG(val_mpint, x)))
+FUNC(void, monty_export_into,
+     (ARG(val_monty, mc), ARG(val_mpint, dest), ARG(val_mpint, x)))
+FUNC(val_mpint, monty_export, (ARG(val_monty, mc), ARG(val_mpint, x)))
+FUNC(void, monty_mul_into,
+     (ARG(val_monty, mc), ARG(val_mpint, dest), ARG(val_mpint, x),
+      ARG(val_mpint, y)))
+FUNC(val_mpint, monty_add,
+     (ARG(val_monty, mc), ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_mpint, monty_sub,
+     (ARG(val_monty, mc), ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_mpint, monty_mul,
+     (ARG(val_monty, mc), ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_mpint, monty_pow,
+     (ARG(val_monty, mc), ARG(val_mpint, base), ARG(val_mpint, exponent)))
+FUNC(val_mpint, monty_invert, (ARG(val_monty, mc), ARG(val_mpint, x)))
+FUNC(val_mpint, monty_modsqrt,
+     (ARG(val_modsqrt, sc), ARG(val_mpint, mx), ARG(out_uint, success)))
+FUNC(val_mpint, mp_modpow,
+     (ARG(val_mpint, base), ARG(val_mpint, exponent), ARG(val_mpint, modulus)))
+FUNC(val_mpint, mp_modmul,
+     (ARG(val_mpint, x), ARG(val_mpint, y), ARG(val_mpint, modulus)))
+FUNC(val_mpint, mp_modadd,
+     (ARG(val_mpint, x), ARG(val_mpint, y), ARG(val_mpint, modulus)))
+FUNC(val_mpint, mp_modsub,
+     (ARG(val_mpint, x), ARG(val_mpint, y), ARG(val_mpint, modulus)))
+FUNC(void, mp_lshift_safe_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, x), ARG(uint, shift)))
+FUNC(void, mp_rshift_safe_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, x), ARG(uint, shift)))
+FUNC(val_mpint, mp_rshift_safe, (ARG(val_mpint, x), ARG(uint, shift)))
+FUNC(void, mp_lshift_fixed_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, x), ARG(uint, shift)))
+FUNC(void, mp_rshift_fixed_into,
+     (ARG(val_mpint, dest), ARG(val_mpint, x), ARG(uint, shift)))
+FUNC(val_mpint, mp_rshift_fixed, (ARG(val_mpint, x), ARG(uint, shift)))
+FUNC(val_mpint, mp_random_bits, (ARG(uint, bits)))
+FUNC(val_mpint, mp_random_in_range, (ARG(val_mpint, lo), ARG(val_mpint, hi)))
+
+/*
+ * ecc.h functions.
+ */
+FUNC(val_wcurve, ecc_weierstrass_curve,
+     (ARG(val_mpint, p), ARG(val_mpint, a), ARG(val_mpint, b),
+      ARG(opt_val_mpint, nonsquare_mod_p)))
+FUNC(val_wpoint, ecc_weierstrass_point_new_identity, (ARG(val_wcurve, curve)))
+FUNC(val_wpoint, ecc_weierstrass_point_new,
+     (ARG(val_wcurve, curve), ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_wpoint, ecc_weierstrass_point_new_from_x,
+     (ARG(val_wcurve, curve), ARG(val_mpint, x), ARG(uint, desired_y_parity)))
+FUNC(val_wpoint, ecc_weierstrass_point_copy, (ARG(val_wpoint, orig)))
+FUNC(uint, ecc_weierstrass_point_valid, (ARG(val_wpoint, P)))
+FUNC(val_wpoint, ecc_weierstrass_add_general,
+     (ARG(val_wpoint, P), ARG(val_wpoint, Q)))
+FUNC(val_wpoint, ecc_weierstrass_add, (ARG(val_wpoint, P), ARG(val_wpoint, Q)))
+FUNC(val_wpoint, ecc_weierstrass_double, (ARG(val_wpoint, P)))
+FUNC(val_wpoint, ecc_weierstrass_multiply,
+     (ARG(val_wpoint, B), ARG(val_mpint, n)))
+FUNC(uint, ecc_weierstrass_is_identity, (ARG(val_wpoint, P)))
+/* The output pointers in get_affine all become extra output values */
+FUNC(void, ecc_weierstrass_get_affine,
+     (ARG(val_wpoint, P), ARG(out_val_mpint, x), ARG(out_val_mpint, y)))
+FUNC(val_mcurve, ecc_montgomery_curve,
+     (ARG(val_mpint, p), ARG(val_mpint, a), ARG(val_mpint, b)))
+FUNC(val_mpoint, ecc_montgomery_point_new,
+     (ARG(val_mcurve, curve), ARG(val_mpint, x)))
+FUNC(val_mpoint, ecc_montgomery_point_copy, (ARG(val_mpoint, orig)))
+FUNC(val_mpoint, ecc_montgomery_diff_add,
+     (ARG(val_mpoint, P), ARG(val_mpoint, Q), ARG(val_mpoint, PminusQ)))
+FUNC(val_mpoint, ecc_montgomery_double, (ARG(val_mpoint, P)))
+FUNC(val_mpoint, ecc_montgomery_multiply,
+     (ARG(val_mpoint, B), ARG(val_mpint, n)))
+FUNC(void, ecc_montgomery_get_affine,
+     (ARG(val_mpoint, P), ARG(out_val_mpint, x)))
+FUNC(boolean, ecc_montgomery_is_identity, (ARG(val_mpoint, P)))
+FUNC(val_ecurve, ecc_edwards_curve,
+     (ARG(val_mpint, p), ARG(val_mpint, d), ARG(val_mpint, a),
+      ARG(opt_val_mpint, nonsquare_mod_p)))
+FUNC(val_epoint, ecc_edwards_point_new,
+     (ARG(val_ecurve, curve), ARG(val_mpint, x), ARG(val_mpint, y)))
+FUNC(val_epoint, ecc_edwards_point_new_from_y,
+     (ARG(val_ecurve, curve), ARG(val_mpint, y), ARG(uint, desired_x_parity)))
+FUNC(val_epoint, ecc_edwards_point_copy, (ARG(val_epoint, orig)))
+FUNC(val_epoint, ecc_edwards_add, (ARG(val_epoint, P), ARG(val_epoint, Q)))
+FUNC(val_epoint, ecc_edwards_multiply, (ARG(val_epoint, B), ARG(val_mpint, n)))
+FUNC(uint, ecc_edwards_eq, (ARG(val_epoint, P), ARG(val_epoint, Q)))
+FUNC(void, ecc_edwards_get_affine,
+     (ARG(val_epoint, P), ARG(out_val_mpint, x), ARG(out_val_mpint, y)))
+
+/*
+ * The ssh_hash abstraction. Note the 'consumed', indicating that
+ * ssh_hash_final puts its input ssh_hash beyond use.
+ *
+ * ssh_hash_update is an invention of testcrypt, handled in the real C
+ * API by the hash object also functioning as a BinarySink.
+ */
+FUNC(opt_val_hash, ssh_hash_new, (ARG(hashalg, alg)))
+FUNC(void, ssh_hash_reset, (ARG(val_hash, h)))
+FUNC(val_hash, ssh_hash_copy, (ARG(val_hash, orig)))
+FUNC_WRAPPED(val_string, ssh_hash_digest, (ARG(val_hash, h)))
+FUNC_WRAPPED(val_string, ssh_hash_final, (ARG(consumed_val_hash, h)))
+FUNC(void, ssh_hash_update, (ARG(val_hash, h), ARG(val_string_ptrlen, data)))
+
+FUNC(opt_val_hash, blake2b_new_general, (ARG(uint, hashlen)))
+
+/*
+ * The ssh2_mac abstraction. Note the optional ssh_cipher parameter
+ * to ssh2_mac_new. Also, again, I've invented an ssh2_mac_update so
+ * you can put data into the MAC.
+ */
+FUNC(val_mac, ssh2_mac_new, (ARG(macalg, alg), ARG(opt_val_cipher, cipher)))
+FUNC(void, ssh2_mac_setkey, (ARG(val_mac, m), ARG(val_string_ptrlen, key)))
+FUNC(void, ssh2_mac_start, (ARG(val_mac, m)))
+FUNC(void, ssh2_mac_update, (ARG(val_mac, m), ARG(val_string_ptrlen, data)))
+FUNC_WRAPPED(val_string, ssh2_mac_genresult, (ARG(val_mac, m)))
+FUNC(val_string_asciz_const, ssh2_mac_text_name, (ARG(val_mac, m)))
+
+/*
+ * The ssh_key abstraction. All the uses of BinarySink and
+ * BinarySource in parameters are replaced with ordinary strings for
+ * the testing API: new_priv_openssh just takes a string input, and
+ * all the functions that output key and signature blobs do it by
+ * returning a string.
+ */
+FUNC(val_key, ssh_key_new_pub, (ARG(keyalg, alg), ARG(val_string_ptrlen, pub)))
+FUNC(opt_val_key, ssh_key_new_priv,
+     (ARG(keyalg, alg), ARG(val_string_ptrlen, pub),
+      ARG(val_string_ptrlen, priv)))
+FUNC(opt_val_key, ssh_key_new_priv_openssh,
+     (ARG(keyalg, alg), ARG(val_string_binarysource, src)))
+FUNC(opt_val_string_asciz, ssh_key_invalid,
+     (ARG(val_key, key), ARG(uint, flags)))
+FUNC(void, ssh_key_sign,
+     (ARG(val_key, key), ARG(val_string_ptrlen, data), ARG(uint, flags),
+      ARG(out_val_string_binarysink, sig)))
+FUNC(boolean, ssh_key_verify,
+     (ARG(val_key, key), ARG(val_string_ptrlen, sig),
+      ARG(val_string_ptrlen, data)))
+FUNC(void, ssh_key_public_blob,
+     (ARG(val_key, key), ARG(out_val_string_binarysink, blob)))
+FUNC(void, ssh_key_private_blob,
+     (ARG(val_key, key), ARG(out_val_string_binarysink, blob)))
+FUNC(void, ssh_key_openssh_blob,
+     (ARG(val_key, key), ARG(out_val_string_binarysink, blob)))
+FUNC(val_string_asciz, ssh_key_cache_str, (ARG(val_key, key)))
+FUNC(val_keycomponents, ssh_key_components, (ARG(val_key, key)))
+FUNC(uint, ssh_key_public_bits,
+     (ARG(keyalg, self), ARG(val_string_ptrlen, blob)))
+
+/*
+ * Accessors to retrieve the innards of a 'key_components'.
+ */
+FUNC(uint, key_components_count, (ARG(val_keycomponents, kc)))
+FUNC(opt_val_string_asciz_const, key_components_nth_name,
+     (ARG(val_keycomponents, kc), ARG(uint, n)))
+FUNC(opt_val_string_asciz_const, key_components_nth_str,
+     (ARG(val_keycomponents, kc), ARG(uint, n)))
+FUNC(opt_val_mpint, key_components_nth_mp,
+     (ARG(val_keycomponents, kc), ARG(uint, n)))
+
+/*
+ * The ssh_cipher abstraction. The in-place encrypt and decrypt
+ * functions are wrapped to replace them with versions that take one
+ * string and return a separate string.
+ */
+FUNC(opt_val_cipher, ssh_cipher_new, (ARG(cipheralg, alg)))
+FUNC_WRAPPED(void, ssh_cipher_setiv,
+             (ARG(val_cipher, c), ARG(val_string_ptrlen, iv)))
+FUNC_WRAPPED(void, ssh_cipher_setkey,
+             (ARG(val_cipher, c), ARG(val_string_ptrlen, key)))
+FUNC_WRAPPED(val_string, ssh_cipher_encrypt,
+             (ARG(val_cipher, c), ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, ssh_cipher_decrypt,
+             (ARG(val_cipher, c), ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, ssh_cipher_encrypt_length,
+             (ARG(val_cipher, c), ARG(val_string_ptrlen, blk), ARG(uint, seq)))
+FUNC_WRAPPED(val_string, ssh_cipher_decrypt_length,
+             (ARG(val_cipher, c), ARG(val_string_ptrlen, blk), ARG(uint, seq)))
+
+/*
+ * Integer Diffie-Hellman.
+ */
+FUNC(val_dh, dh_setup_group, (ARG(dh_group, group)))
+FUNC(val_dh, dh_setup_gex, (ARG(val_mpint, p), ARG(val_mpint, g)))
+FUNC(uint, dh_modulus_bit_size, (ARG(val_dh, ctx)))
+FUNC(val_mpint, dh_create_e, (ARG(val_dh, ctx), ARG(uint, nbits)))
+FUNC_WRAPPED(boolean, dh_validate_f, (ARG(val_dh, ctx), ARG(val_mpint, f)))
+FUNC(val_mpint, dh_find_K, (ARG(val_dh, ctx), ARG(val_mpint, f)))
+
+/*
+ * Elliptic-curve Diffie-Hellman.
+ */
+FUNC(val_ecdh, ssh_ecdhkex_newkey, (ARG(ecdh_alg, alg)))
+FUNC(void, ssh_ecdhkex_getpublic,
+     (ARG(val_ecdh, key), ARG(out_val_string_binarysink, pub)))
+FUNC(opt_val_mpint, ssh_ecdhkex_getkey,
+     (ARG(val_ecdh, key), ARG(val_string_ptrlen, pub)))
+
+/*
+ * RSA key exchange, and also the BinarySource get function
+ * get_ssh1_rsa_priv_agent, which is a convenient way to make an
+ * RSAKey for RSA kex testing purposes.
+ */
+FUNC(val_rsakex, ssh_rsakex_newkey, (ARG(val_string_ptrlen, data)))
+FUNC(uint, ssh_rsakex_klen, (ARG(val_rsakex, key)))
+FUNC(val_string, ssh_rsakex_encrypt,
+     (ARG(val_rsakex, key), ARG(hashalg, h), ARG(val_string_ptrlen, plaintext)))
+FUNC(opt_val_mpint, ssh_rsakex_decrypt,
+     (ARG(val_rsakex, key), ARG(hashalg, h),
+      ARG(val_string_ptrlen, ciphertext)))
+FUNC(val_rsakex, get_rsa_ssh1_priv_agent, (ARG(val_string_binarysource, src)))
+
+/*
+ * Bare RSA keys as used in SSH-1. The construction API functions
+ * write into an existing RSAKey object, so I've invented an 'rsa_new'
+ * function to make one in the first place.
+ */
+FUNC(val_rsa, rsa_new, (VOID))
+FUNC(void, get_rsa_ssh1_pub,
+     (ARG(val_string_binarysource, src), ARG(val_rsa, key),
+      ARG(rsaorder, order)))
+FUNC(void, get_rsa_ssh1_priv,
+     (ARG(val_string_binarysource, src), ARG(val_rsa, key)))
+FUNC_WRAPPED(opt_val_string, rsa_ssh1_encrypt,
+             (ARG(val_string_ptrlen, data), ARG(val_rsa, key)))
+FUNC(val_mpint, rsa_ssh1_decrypt, (ARG(val_mpint, input), ARG(val_rsa, key)))
+FUNC_WRAPPED(val_string, rsa_ssh1_decrypt_pkcs1,
+             (ARG(val_mpint, input), ARG(val_rsa, key)))
+FUNC(val_string_asciz, rsastr_fmt, (ARG(val_rsa, key)))
+FUNC(val_string_asciz, rsa_ssh1_fingerprint, (ARG(val_rsa, key)))
+FUNC(void, rsa_ssh1_public_blob,
+     (ARG(out_val_string_binarysink, blob), ARG(val_rsa, key),
+      ARG(rsaorder, order)))
+FUNC(int, rsa_ssh1_public_blob_len, (ARG(val_string_ptrlen, data)))
+FUNC(void, rsa_ssh1_private_blob_agent,
+     (ARG(out_val_string_binarysink, blob), ARG(val_rsa, key)))
+
+/*
+ * The PRNG type. Similarly to hashes and MACs, I've invented an extra
+ * function prng_seed_update for putting seed data into the PRNG's
+ * exposed BinarySink.
+ */
+FUNC(val_prng, prng_new, (ARG(hashalg, hashalg)))
+FUNC(void, prng_seed_begin, (ARG(val_prng, pr)))
+FUNC(void, prng_seed_update, (ARG(val_prng, pr), ARG(val_string_ptrlen, data)))
+FUNC(void, prng_seed_finish, (ARG(val_prng, pr)))
+FUNC_WRAPPED(val_string, prng_read, (ARG(val_prng, pr), ARG(uint, size)))
+FUNC(void, prng_add_entropy,
+     (ARG(val_prng, pr), ARG(uint, source_id), ARG(val_string_ptrlen, data)))
+
+/*
+ * Key load/save functions, or rather, the BinarySource / strbuf API
+ * that sits just inside the file I/O versions.
+ */
+FUNC(boolean, ppk_encrypted_s,
+     (ARG(val_string_binarysource, src),
+      ARG(out_opt_val_string_asciz, comment)))
+FUNC(boolean, rsa1_encrypted_s,
+     (ARG(val_string_binarysource, src),
+      ARG(out_opt_val_string_asciz, comment)))
+FUNC(boolean, ppk_loadpub_s,
+     (ARG(val_string_binarysource, src),
+      ARG(out_opt_val_string_asciz, algorithm),
+      ARG(out_val_string_binarysink, blob),
+      ARG(out_opt_val_string_asciz, comment),
+      ARG(out_opt_val_string_asciz_const, error)))
+FUNC(int, rsa1_loadpub_s,
+     (ARG(val_string_binarysource, src), ARG(out_val_string_binarysink, blob),
+      ARG(out_opt_val_string_asciz, comment),
+      ARG(out_opt_val_string_asciz_const, error)))
+FUNC_WRAPPED(opt_val_key, ppk_load_s,
+             (ARG(val_string_binarysource, src),
+              ARG(out_opt_val_string_asciz, comment),
+              ARG(opt_val_string_asciz, passphrase),
+              ARG(out_opt_val_string_asciz_const, error)))
+FUNC_WRAPPED(int, rsa1_load_s,
+             (ARG(val_string_binarysource, src), ARG(val_rsa, key),
+              ARG(out_opt_val_string_asciz, comment),
+              ARG(opt_val_string_asciz, passphrase),
+              ARG(out_opt_val_string_asciz_const, error)))
+FUNC_WRAPPED(val_string, ppk_save_sb,
+             (ARG(val_key, key), ARG(opt_val_string_asciz, comment),
+              ARG(opt_val_string_asciz, passphrase), ARG(uint, fmt_version),
+              ARG(argon2flavour, flavour), ARG(uint, mem), ARG(uint, passes),
+              ARG(uint, parallel)))
+FUNC_WRAPPED(val_string, rsa1_save_sb,
+             (ARG(val_rsa, key), ARG(opt_val_string_asciz, comment),
+              ARG(opt_val_string_asciz, passphrase)))
+
+FUNC(val_string_asciz, ssh2_fingerprint_blob,
+     (ARG(val_string_ptrlen, blob), ARG(fptype, fptype)))
+
+/*
+ * Password hashing.
+ */
+FUNC_WRAPPED(val_string, argon2,
+             (ARG(argon2flavour, flavour), ARG(uint, mem), ARG(uint, passes),
+              ARG(uint, parallel), ARG(uint, taglen), ARG(val_string_ptrlen, P),
+              ARG(val_string_ptrlen, S), ARG(val_string_ptrlen, K),
+              ARG(val_string_ptrlen, X)))
+FUNC(val_string, argon2_long_hash,
+     (ARG(uint, length), ARG(val_string_ptrlen, data)))
+
+/*
+ * Key generation functions.
+ */
+FUNC_WRAPPED(val_key, rsa_generate,
+             (ARG(uint, bits), ARG(boolean, strong), ARG(val_pgc, pgc)))
+FUNC_WRAPPED(val_key, dsa_generate, (ARG(uint, bits), ARG(val_pgc, pgc)))
+FUNC_WRAPPED(opt_val_key, ecdsa_generate, (ARG(uint, bits)))
+FUNC_WRAPPED(opt_val_key, eddsa_generate, (ARG(uint, bits)))
+FUNC(val_rsa, rsa1_generate,
+     (ARG(uint, bits), ARG(boolean, strong), ARG(val_pgc, pgc)))
+FUNC(val_pgc, primegen_new_context, (ARG(primegenpolicy, policy)))
+FUNC_WRAPPED(opt_val_mpint, primegen_generate,
+             (ARG(val_pgc, ctx), ARG(consumed_val_pcs, pcs)))
+FUNC(val_string, primegen_mpu_certificate,
+     (ARG(val_pgc, ctx), ARG(val_mpint, p)))
+FUNC(val_pcs, pcs_new, (ARG(uint, bits)))
+FUNC(val_pcs, pcs_new_with_firstbits,
+     (ARG(uint, bits), ARG(uint, first), ARG(uint, nfirst)))
+FUNC(void, pcs_require_residue,
+     (ARG(val_pcs, s), ARG(val_mpint, mod), ARG(val_mpint, res)))
+FUNC(void, pcs_require_residue_1, (ARG(val_pcs, s), ARG(val_mpint, mod)))
+FUNC(void, pcs_require_residue_1_mod_prime,
+     (ARG(val_pcs, s), ARG(val_mpint, mod)))
+FUNC(void, pcs_avoid_residue_small,
+     (ARG(val_pcs, s), ARG(uint, mod), ARG(uint, res)))
+FUNC(void, pcs_try_sophie_germain, (ARG(val_pcs, s)))
+FUNC(void, pcs_set_oneshot, (ARG(val_pcs, s)))
+FUNC(void, pcs_ready, (ARG(val_pcs, s)))
+FUNC(void, pcs_inspect,
+     (ARG(val_pcs, pcs), ARG(out_val_mpint, limit_out),
+      ARG(out_val_mpint, factor_out), ARG(out_val_mpint, addend_out)))
+FUNC(val_mpint, pcs_generate, (ARG(val_pcs, s)))
+FUNC(val_pockle, pockle_new, (VOID))
+FUNC(uint, pockle_mark, (ARG(val_pockle, pockle)))
+FUNC(void, pockle_release, (ARG(val_pockle, pockle), ARG(uint, mark)))
+FUNC(pocklestatus, pockle_add_small_prime,
+     (ARG(val_pockle, pockle), ARG(val_mpint, p)))
+FUNC_WRAPPED(pocklestatus, pockle_add_prime,
+             (ARG(val_pockle, pockle), ARG(val_mpint, p),
+              ARG(mpint_list, factors), ARG(val_mpint, witness)))
+FUNC(val_string, pockle_mpu, (ARG(val_pockle, pockle), ARG(val_mpint, p)))
+FUNC(val_millerrabin, miller_rabin_new, (ARG(val_mpint, p)))
+FUNC(mr_result, miller_rabin_test,
+     (ARG(val_millerrabin, mr), ARG(val_mpint, w)))
+
+/*
+ * Miscellaneous.
+ */
+FUNC(val_wpoint, ecdsa_public, (ARG(val_mpint, private_key), ARG(keyalg, alg)))
+FUNC(val_epoint, eddsa_public, (ARG(val_mpint, private_key), ARG(keyalg, alg)))
+FUNC_WRAPPED(val_string, des_encrypt_xdmauth,
+             (ARG(val_string_ptrlen, key), ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, des_decrypt_xdmauth,
+             (ARG(val_string_ptrlen, key), ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, des3_encrypt_pubkey,
+             (ARG(val_string_ptrlen, key), ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, des3_decrypt_pubkey,
+             (ARG(val_string_ptrlen, key), ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, des3_encrypt_pubkey_ossh,
+             (ARG(val_string_ptrlen, key), ARG(val_string_ptrlen, iv),
+              ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, des3_decrypt_pubkey_ossh,
+             (ARG(val_string_ptrlen, key), ARG(val_string_ptrlen, iv),
+              ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, aes256_encrypt_pubkey,
+             (ARG(val_string_ptrlen, key), ARG(val_string_ptrlen, iv),
+              ARG(val_string_ptrlen, blk)))
+FUNC_WRAPPED(val_string, aes256_decrypt_pubkey,
+             (ARG(val_string_ptrlen, key), ARG(val_string_ptrlen, iv),
+              ARG(val_string_ptrlen, blk)))
+FUNC(uint, crc32_rfc1662, (ARG(val_string_ptrlen, data)))
+FUNC(uint, crc32_ssh1, (ARG(val_string_ptrlen, data)))
+FUNC(uint, crc32_update, (ARG(uint, crc_input), ARG(val_string_ptrlen, data)))
+FUNC(boolean, crcda_detect,
+     (ARG(val_string_ptrlen, packet), ARG(val_string_ptrlen, iv)))
+FUNC(val_string, get_implementations_commasep, (ARG(val_string_ptrlen, alg)))
+FUNC(void, http_digest_response,
+     (ARG(out_val_string_binarysink, response),
+      ARG(val_string_ptrlen, username), ARG(val_string_ptrlen, password),
+      ARG(val_string_ptrlen, realm), ARG(val_string_ptrlen, method),
+      ARG(val_string_ptrlen, uri), ARG(val_string_ptrlen, qop),
+      ARG(val_string_ptrlen, nonce), ARG(val_string_ptrlen, opaque),
+      ARG(uint, nonce_count), ARG(httpdigesthash, hash),
+      ARG(boolean, hash_username)))
+
+/*
+ * These functions aren't part of PuTTY's own API, but are additions
+ * by testcrypt itself for administrative purposes.
+ */
+FUNC(void, random_queue, (ARG(val_string_ptrlen, data)))
+FUNC(uint, random_queue_len, (VOID))
+FUNC(void, random_make_prng,
+     (ARG(hashalg, hashalg), ARG(val_string_ptrlen, seed)))
+FUNC(void, random_clear, (VOID))

test/testcrypt.py

@@ -313,7 +313,7 @@ def _lex_testcrypt_header(header):
     while pos < end:
         m = pat.match(header, pos)
         assert m is not None, (
-            "Failed to lex testcrypt.h at byte position {:d}".format(pos))
+            "Failed to lex testcrypt-func.h at byte position {:d}".format(pos))
 
         pos = m.end()
         tok = m.group(1)
@@ -339,7 +339,7 @@ def _parse_testcrypt_header(tokens):
             description = lambda: "'"+what+"' "
             ok = tok == what
         if not ok:
-            sys.exit("testcrypt.h:{:d}: expected {}{}".format(
+            sys.exit("testcrypt-func.h:{:d}: expected {}{}".format(
                 pos, description(), why))
         return tok
 
@@ -392,7 +392,7 @@ def _setup(scope):
             arg = arg[:arg.index("_", len(valprefix))]
         return arg
 
-    with open(os.path.join(putty_srcdir, "testcrypt.h")) as f:
+    with open(os.path.join(putty_srcdir, "test", "testcrypt-func.h")) as f:
         header = f.read()
     tokens = _lex_testcrypt_header(header)
     for function, rettype, arglist in _parse_testcrypt_header(tokens):

test/testzlib.c

@@ -0,0 +1,114 @@
+/*
+ * Main program to compile ssh/zlib.c into a zlib decoding tool.
+ *
+ * This is potentially a handy tool in its own right for picking apart
+ * Zip files or PDFs or PNGs, because it accepts the bare Deflate
+ * format and the zlib wrapper format, unlike 'zcat' which accepts
+ * only the gzip wrapper format.
+ *
+ * It's also useful as a means for a fuzzer to get reasonably direct
+ * access to PuTTY's zlib decompressor.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "defs.h"
+#include "ssh.h"
+
+void out_of_memory(void)
+{
+    fprintf(stderr, "Out of memory!\n");
+    exit(1);
+}
+
+void dputs(const char *buf)
+{
+    fputs(buf, stderr);
+}
+
+int main(int argc, char **argv)
+{
+    unsigned char buf[16], *outbuf;
+    int ret, outlen;
+    ssh_decompressor *handle;
+    int noheader = false, opts = true;
+    char *filename = NULL;
+    FILE *fp;
+
+    while (--argc) {
+        char *p = *++argv;
+
+        if (p[0] == '-' && opts) {
+            if (!strcmp(p, "-d")) {
+                noheader = true;
+            } else if (!strcmp(p, "--")) {
+                opts = false;          /* next thing is filename */
+            } else if (!strcmp(p, "--help")) {
+                printf("usage: testzlib          decode zlib (RFC1950) data"
+                       " from standard input\n");
+                printf("       testzlib -d       decode Deflate (RFC1951) data"
+                       " from standard input\n");
+                printf("       testzlib --help   display this text\n");
+                return 0;
+            } else {
+                fprintf(stderr, "unknown command line option '%s'\n", p);
+                return 1;
+            }
+        } else if (!filename) {
+            filename = p;
+        } else {
+            fprintf(stderr, "can only handle one filename\n");
+            return 1;
+        }
+    }
+
+    handle = ssh_decompressor_new(&ssh_zlib);
+
+    if (noheader) {
+        /*
+         * Provide missing zlib header if -d was specified.
+         */
+        static const unsigned char ersatz_zlib_header[] = { 0x78, 0x9C };
+        ssh_decompressor_decompress(
+            handle, ersatz_zlib_header, sizeof(ersatz_zlib_header),
+            &outbuf, &outlen);
+        assert(outlen == 0);
+    }
+
+    if (filename)
+        fp = fopen(filename, "rb");
+    else
+        fp = stdin;
+
+    if (!fp) {
+        assert(filename);
+        fprintf(stderr, "unable to open '%s'\n", filename);
+        return 1;
+    }
+
+    while (1) {
+        ret = fread(buf, 1, sizeof(buf), fp);
+        if (ret <= 0)
+            break;
+        ssh_decompressor_decompress(handle, buf, ret, &outbuf, &outlen);
+        if (outbuf) {
+            if (outlen)
+                fwrite(outbuf, 1, outlen, stdout);
+            sfree(outbuf);
+        } else {
+            fprintf(stderr, "decoding error\n");
+            fclose(fp);
+            return 1;
+        }
+    }
+
+    ssh_decompressor_free(handle);
+
+    if (filename)
+        fclose(fp);
+
+    return 0;
+}