author | Jakub Jelen <jjelen@redhat.com> | 2019-05-29 20:08:34 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-06-13 16:29:32 +0200 |
commit | 20e58be7d8920de42f4317687ad2bec3652dbf7b (patch) | |
tree | d3a38987ca90cdec5a1ba82abb4692ece622fdf1 | |
parent | 8c59f7f236a4e5971aa4ee2632e01a0a9b578383 (diff) | |
tests: Adjust for FIPS and simplify initialization
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | tests/server/torture_server_config.c | 169 |
1 files changed, 84 insertions, 85 deletions
diff --git a/tests/server/torture_server_config.c b/tests/server/torture_server_config.c index cd68b20a..221b3694 100644 --- a/tests/server/torture_server_config.c +++ b/tests/server/torture_server_config.c @@ -419,16 +419,11 @@ static int try_config_content(void **state, const char *config_content, return 0; } -static void torture_server_config_hostkey(void **state) -{ - struct test_server_st *tss = *state; - char *hostkey_files[6]; - size_t i, num_hostkey_files = 5; - char config_content[4096]; - - int rc; +static char *hostkey_files[6] = {0}; - assert_non_null(tss); +static size_t setup_hostkey_files(struct test_server_st *tss) +{ + size_t num_hostkey_files = 5; hostkey_files[0] = tss->ed25519_hostkey; hostkey_files[1] = tss->rsa_hostkey; @@ -440,7 +435,25 @@ static void torture_server_config_hostkey(void **state) num_hostkey_files = 6; #endif + return num_hostkey_files; +} + +static void torture_server_config_hostkey(void **state) +{ + struct test_server_st *tss = *state; + size_t i, num_hostkey_files; + char config_content[4096]; + + int rc; + + assert_non_null(tss); + + num_hostkey_files = setup_hostkey_files(tss); + for (i = 0; i < num_hostkey_files; i++) { + if (ssh_fips_mode() && (i == 0 || i == 5)) { + continue; + } snprintf(config_content, sizeof(config_content), "HostKey %s\n", @@ -457,7 +470,6 @@ static void torture_server_config_hostkey(void **state) static void torture_server_config_ciphers(void **state) { struct test_server_st *tss = *state; - char *hostkey_files[6]; size_t i, j, num_hostkey_files = 1; char config_content[4096]; 
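Review bot: `setup_hostkey_files()` is added without a comment, yet it fills the file-scope `hostkey_files[]` array as a side effect and its slot order is now a contract that every caller relies on. A header comment would cover it, for example `/* Fill hostkey_files[] in a fixed order (0 = ed25519, 1 = rsa, ...) and return the number of usable entries */`. The stored pointers are borrowed from `tss`, so the comment should also say the array is only meaningful for the test that just called the function. The middle of the function body lies outside this hunk, so the order of the remaining slots should be confirmed before it is written down.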
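Review bot: The FIPS guard `i == 0 || i == 5` in the loop of torture_server_config_hostkey uses bare indices, which only hold while slot 0 stays ed25519 and slot 5 stays the DSA key (presumably what setup_hostkey_files assigns under HAVE_DSA; that part is outside the hunk). Naming the slots removes the hidden coupling: `enum { HOSTKEY_ED25519 = 0, HOSTKEY_DSA = 5 };` and `if (ssh_fips_mode() && (i == HOSTKEY_ED25519 || i == HOSTKEY_DSA))`. The same literal test is repeated in the loops of the ciphers, macs, kex and hostkey_algorithms tests further down, so a small `static bool` helper would keep the five copies in step.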
@@ -469,18 +481,7 @@ static void torture_server_config_ciphers(void **state) assert_non_null(tss); - hostkey_files[0] = tss->ed25519_hostkey; -#ifdef TEST_ALL_CRYPTO_COMBINATIONS - hostkey_files[1] = tss->rsa_hostkey; - hostkey_files[2] = tss->ecdsa_256_hostkey; - hostkey_files[3] = tss->ecdsa_384_hostkey; - hostkey_files[4] = tss->ecdsa_521_hostkey; - num_hostkey_files = 5; -#ifdef HAVE_DSA - hostkey_files[5] = tss->dsa_hostkey; - num_hostkey_files = 6; -#endif -#endif + num_hostkey_files = setup_hostkey_files(tss); ciphers = ssh_kex_get_default_methods(SSH_CRYPT_S_C); assert_non_null(ciphers); @@ -489,6 +490,14 @@ static void torture_server_config_ciphers(void **state) assert_non_null(tokens); for (i = 0; i < num_hostkey_files; i++) { + if (ssh_fips_mode() && (i == 0 || i == 5)) { + continue; + } +#ifndef TEST_ALL_CRYPTO_COMBINATIONS + if (i > 1) { + continue; + } +#endif /* Try setting all default algorithms */ snprintf(config_content, sizeof(config_content), @@ -525,7 +534,6 @@ static void torture_server_config_ciphers(void **state) static void torture_server_config_macs(void **state) { struct test_server_st *tss = *state; - char *hostkey_files[6]; size_t i, j, num_hostkey_files = 1; char config_content[4096]; @@ -537,18 +545,7 @@ static void torture_server_config_macs(void **state) assert_non_null(tss); - hostkey_files[0] = tss->ed25519_hostkey; -#ifdef TEST_ALL_CRYPTO_COMBINATIONS - hostkey_files[1] = tss->rsa_hostkey; - hostkey_files[2] = tss->ecdsa_256_hostkey; - hostkey_files[3] = tss->ecdsa_384_hostkey; - hostkey_files[4] = tss->ecdsa_521_hostkey; - num_hostkey_files = 5; -#ifdef HAVE_DSA - hostkey_files[5] = tss->dsa_hostkey; - num_hostkey_files = 6; -#endif -#endif + num_hostkey_files = setup_hostkey_files(tss); macs = ssh_kex_get_default_methods(SSH_MAC_S_C); assert_non_null(macs); 
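Review bot: With `num_hostkey_files = setup_hostkey_files(tss);` the initializer in the declaration `size_t i, j, num_hostkey_files = 1;` (visible as context in the previous hunk) is dead and now misstates how many keys the test uses. Dropping it, `size_t i, j, num_hostkey_files;`, matches what the commit already did in torture_server_config_hostkey. The macs and kex tests keep the same `= 1`, and torture_server_config_hostkey_algorithms keeps `= 5`.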
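Review bot: The `#ifndef TEST_ALL_CRYPTO_COMBINATIONS` guard `if (i > 1)` in the ciphers loop lets slots 0 and 1 through, while the removed code tested only `hostkey_files[0]` in that configuration, so a default non-FIPS build now runs the whole cipher matrix for two host keys instead of one. If slot 1 is kept only so that FIPS mode still has a key to test, a comment should say so, e.g. `/* default build: ed25519, plus RSA so that FIPS mode is not left without a host key */`. The guard could also `break` rather than `continue`, since every later index is skipped as well. The macs and kex loops carry the same guard.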
@@ -557,6 +554,14 @@ static void torture_server_config_macs(void **state) assert_non_null(tokens); for (i = 0; i < num_hostkey_files; i++) { + if (ssh_fips_mode() && (i == 0 || i == 5)) { + continue; + } +#ifndef TEST_ALL_CRYPTO_COMBINATIONS + if (i > 1) { + continue; + } +#endif /* Try setting all default algorithms */ snprintf(config_content, sizeof(config_content), @@ -593,7 +598,6 @@ static void torture_server_config_macs(void **state) static void torture_server_config_kex(void **state) { struct test_server_st *tss = *state; - char *hostkey_files[6]; size_t i, j, num_hostkey_files = 1; char config_content[4096]; @@ -605,18 +609,7 @@ static void torture_server_config_kex(void **state) assert_non_null(tss); - hostkey_files[0] = tss->ed25519_hostkey; -#ifdef TEST_ALL_CRYPTO_COMBINATIONS - hostkey_files[1] = tss->rsa_hostkey; - hostkey_files[2] = tss->ecdsa_256_hostkey; - hostkey_files[3] = tss->ecdsa_384_hostkey; - hostkey_files[4] = tss->ecdsa_521_hostkey; - num_hostkey_files = 5; -#ifdef HAVE_DSA - hostkey_files[5] = tss->dsa_hostkey; - num_hostkey_files = 6; -#endif -#endif + num_hostkey_files = setup_hostkey_files(tss); kex = ssh_kex_get_default_methods(SSH_KEX); assert_non_null(kex); @@ -625,6 +618,14 @@ static void torture_server_config_kex(void **state) assert_non_null(tokens); for (i = 0; i < num_hostkey_files; i++) { + if (ssh_fips_mode() && (i == 0 || i == 5)) { + continue; + } +#ifndef TEST_ALL_CRYPTO_COMBINATIONS + if (i > 1) { + continue; + } +#endif /* Try setting all default algorithms */ snprintf(config_content, sizeof(config_content), @@ -661,7 +662,6 @@ static void torture_server_config_kex(void **state) static void torture_server_config_hostkey_algorithms(void **state) { struct test_server_st *tss = *state; - char *hostkey_files[6]; size_t i, num_hostkey_files = 5; char config_content[4096]; 
@@ -671,20 +671,15 @@ static void torture_server_config_hostkey_algorithms(void **state) assert_non_null(tss); - hostkey_files[0] = tss->ed25519_hostkey; - hostkey_files[1] = tss->rsa_hostkey; - hostkey_files[2] = tss->ecdsa_256_hostkey; - hostkey_files[3] = tss->ecdsa_384_hostkey; - hostkey_files[4] = tss->ecdsa_521_hostkey; -#ifdef HAVE_DSA - hostkey_files[5] = tss->dsa_hostkey; - num_hostkey_files = 6; -#endif + num_hostkey_files = setup_hostkey_files(tss); allowed = ssh_kex_get_default_methods(SSH_HOSTKEYS); assert_non_null(allowed); for (i = 0; i < num_hostkey_files; i++) { + if (ssh_fips_mode() && (i == 0 || i == 5)) { + continue; + } /* Should work with all allowed */ snprintf(config_content, sizeof(config_content), 
@@ -700,29 +695,31 @@ static void torture_server_config_hostkey_algorithms(void **state) /* Should work with matching hostkey and allowed algorithm */ - /* ed25519 */ - snprintf(config_content, - sizeof(config_content), - "HostKey %s\nHostkeyAlgorithms %s\n", - tss->ed25519_hostkey, "ssh-ed25519"); + if (!ssh_fips_mode()) { + /* ed25519 */ + snprintf(config_content, + sizeof(config_content), + "HostKey %s\nHostkeyAlgorithms %s\n", + tss->ed25519_hostkey, "ssh-ed25519"); - rc = try_config_content(state, config_content, true); - assert_int_equal(rc, 0); + rc = try_config_content(state, config_content, true); + assert_int_equal(rc, 0); - rc = try_config_content(state, config_content, false); - assert_int_equal(rc, 0); + rc = try_config_content(state, config_content, false); + assert_int_equal(rc, 0); - /* ssh-rsa */ - snprintf(config_content, - sizeof(config_content), - "HostKey %s\nHostkeyAlgorithms %s\n", - tss->rsa_hostkey, "ssh-rsa"); + /* ssh-rsa */ + snprintf(config_content, + sizeof(config_content), + "HostKey %s\nHostkeyAlgorithms %s\n", + tss->rsa_hostkey, "ssh-rsa"); - rc = try_config_content(state, config_content, true); - assert_int_equal(rc, 0); + rc = try_config_content(state, config_content, true); + assert_int_equal(rc, 0); - rc = try_config_content(state, config_content, false); - assert_int_equal(rc, 0); + rc = try_config_content(state, config_content, false); + assert_int_equal(rc, 0); + } /* rsa-sha2-256 */ snprintf(config_content, 
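Review bot: In FIPS mode the ed25519 and `ssh-rsa` cases are skipped rather than inverted, so nothing in this function checks that a FIPS-mode server actually refuses them; a regression that accepted a non-approved host key algorithm would pass unnoticed. If try_config_content (defined outside this hunk) or a sibling helper can express an expected failure, an `else` branch asserting it would close that gap. The block also deserves a comment explaining why `ssh-rsa` is excluded while the RSA key itself stays in the loop above, for example `/* ed25519 and the SHA-1 based ssh-rsa signature are not available in FIPS mode */`. The `ssh-dss` block in the last hunk follows the same skip-only pattern.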
@@ -785,17 +782,19 @@ static void torture_server_config_hostkey_algorithms(void **state) assert_int_equal(rc, 0); #ifdef HAVE_DSA - /* ecdsa-sha2-nistp256 */ - snprintf(config_content, - sizeof(config_content), - "HostKey %s\nHostkeyAlgorithms %s\n", - tss->dsa_hostkey, "ssh-dss"); + if (!ssh_fips_mode()) { + /* ssh-dss */ + snprintf(config_content, + sizeof(config_content), + "HostKey %s\nHostkeyAlgorithms %s\n", + tss->dsa_hostkey, "ssh-dss"); - rc = try_config_content(state, config_content, true); - assert_int_equal(rc, 0); + rc = try_config_content(state, config_content, true); + assert_int_equal(rc, 0); - rc = try_config_content(state, config_content, false); - assert_int_equal(rc, 0); + rc = try_config_content(state, config_content, false); + assert_int_equal(rc, 0); + } #endif } |