author | Aris Adamantiadis <aris@0xbadc0de.be> | 2019-10-11 17:07:32 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-12-23 14:31:32 +0100 |
commit | 3063a57fc8ac50d71cc2bbcfce4fc50662068275 (patch) | |
tree | 13235458ed6681be8c71e8af23e59c249db26d34 /tests/CMakeLists.txt | |
parent | 23c529c888fdb6a96ca45a5e1afd091afb4f36f0 (diff) | |
download | libssh-3063a57fc8ac50d71cc2bbcfce4fc50662068275.tar.gz libssh-3063a57fc8ac50d71cc2bbcfce4fc50662068275.tar.xz libssh-3063a57fc8ac50d71cc2bbcfce4fc50662068275.zip |
tests: detect OpenSSH supported ciphers
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests/CMakeLists.txt')
-rw-r--r-- | tests/CMakeLists.txt | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 52b7d082..5bc759d2 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -43,6 +43,66 @@ set(TEST_TARGET_LIBRARIES add_subdirectory(unittests) +# OpenSSH Capabilities are required for all unit tests +find_program(SSH_EXECUTABLE NAMES ssh) +if (SSH_EXECUTABLE) + execute_process(COMMAND ${SSH_EXECUTABLE} -V ERROR_VARIABLE OPENSSH_VERSION_STR) + string(REGEX REPLACE "^.*OpenSSH_([0-9]).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}") + string(REGEX REPLACE "^.*OpenSSH_[0-9].([0-9]).*$" "\\1" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}") + set(OPENSSH_VERSION "${OPENSSH_VERSION_MAJOR}.${OPENSSH_VERSION_MINOR}") + if("${OPENSSH_VERSION}" VERSION_LESS "6.3") + # ssh - Q was introduced in 6.3 + message("Version less than 6.3, hardcoding cipher list") + set(OPENSSH_CIPHERS "aes128-ctr\naes192-ctr\naes256-ctr\narcfour256\narcfour128\naes128-gcm@openssh.com\naes256-gcm@openssh.com\naes128-cbc\n3des-cbc\nblowfish-cbc\ncast128-cbc\naes192-cbc\naes256-cbc\narcfour\nrijndael-cbc@lysator.liu.se\n") + set(OPENSSH_MACS "hmac-md5-etm@openssh.com\nhmac-sha1-etm@openssh.com\numac-64-etm@openssh.com\numac-128-etm@openssh.com\nhmac-sha2-256-etm@openssh.com\nhmac-sha2-512-etm@openssh.com\nhmac-ripemd160-etm@openssh.com\nhmac-sha1-96-etm@openssh.com\nhmac-md5-96-etm@openssh.com\nhmac-md5\nhmac-sha1\numac-64@openssh.com\numac-128@openssh.com\nhmac-sha2-256\nhmac-sha2-512\nhmac-ripemd160\nhmac-ripemd160@openssh.com\nhmac-sha1-96\nhmac-md5-96\n") + set(OPENSSH_KEX "ecdh-sha2-nistp256\necdh-sha2-nistp384\necdh-sha2-nistp521\ndiffie-hellman-group-exchange-sha256\ndiffie-hellman-group-exchange-sha1\ndiffie-hellman-group14-sha1\ndiffie-hellman-group1-sha1\n") + set(OPENSSH_KEYS "ssh-rsa\nssh-dss\necdsa-sha2-nistp256\n") + else() + execute_process(COMMAND ${SSH_EXECUTABLE} -Q cipher OUTPUT_VARIABLE OPENSSH_CIPHERS) + execute_process(COMMAND ${SSH_EXECUTABLE} -Q mac OUTPUT_VARIABLE OPENSSH_MACS) + execute_process(COMMAND ${SSH_EXECUTABLE} -Q kex OUTPUT_VARIABLE OPENSSH_KEX) + execute_process(COMMAND ${SSH_EXECUTABLE} -Q key OUTPUT_VARIABLE 
OPENSSH_KEYS) + execute_process(COMMAND ${SSH_EXECUTABLE} -Q sig OUTPUT_VARIABLE OPENSSH_SIGS ERROR_QUIET) + set(OPENSSH_KEYS "${OPENSSH_KEYS}${OPENSSH_SIGS}") + endif() + + set(SSH_ALGORITHMS + 3des-cbc aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr + aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com + hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 umac-64@openssh.com + umac-128@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com + hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-md5-etm@openssh.com + hmac-md5-96-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com + diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 + diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 + diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 + curve25519-sha256 curve25519-sha256@libssh.org + ssh-ed25519 ssh-ed25519-cert-v01@openssh.com ssh-rsa ssh-dss + ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 + ssh-rsa-cert-v01@openssh.com ssh-dss-cert-v01@openssh.com + ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com + ecdsa-sha2-nistp521-cert-v01@openssh.com + ) + foreach(ALGORITHM ${SSH_ALGORITHMS}) + string(TOUPPER ${ALGORITHM} VARNAME) + string(REGEX REPLACE "[-@.]" "_" VARNAME "OPENSSH_${VARNAME}") + + # Match the current algorithm into the complete list of OpenSSH supported algorithms. + # If matching, create an OPENSSH_CIPHER_NAME variable. 
+ string(REGEX MATCH ".*${ALGORITHM}\n" "${VARNAME}" "${OPENSSH_CIPHERS}${OPENSSH_MACS}${OPENSSH_KEX}${OPENSSH_KEYS}") + endforeach(ALGORITHM) + + string(STRIP "${OPENSSH_CIPHERS}" OPENSSH_CIPHERS) + string(STRIP "${OPENSSH_MACS}" OPENSSH_MACS) + string(STRIP "${OPENSSH_KEX}" OPENSSH_KEX) + string(STRIP "${OPENSSH_KEYS}" OPENSSH_KEYS) + string(REPLACE "\n" "," OPENSSH_CIPHERS "${OPENSSH_CIPHERS}") + string(REPLACE "\n" "," OPENSSH_MACS "${OPENSSH_MACS}") + string(REPLACE "\n" "," OPENSSH_KEX "${OPENSSH_KEX}") + string(REPLACE "\n" "," OPENSSH_KEYS "${OPENSSH_KEYS}") + +endif() + if (CLIENT_TESTING OR SERVER_TESTING) find_package(socket_wrapper 1.1.5 REQUIRED) find_package(nss_wrapper 1.1.2 REQUIRED) @@ -60,6 +120,14 @@ if (CLIENT_TESTING OR SERVER_TESTING) message(SEND_ERROR "Could not find sshd which is required for client testing") endif() + find_program(NC_EXECUTABLE + NAME + nc + PATHS + /bin + /usr/bin + /usr/local/bin) + if (WITH_PKCS11_URI) find_package(softhsm) if (NOT SOFTHSM_FOUND) @@ -161,6 +229,8 @@ if (CLIENT_TESTING OR SERVER_TESTING) message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}") endif () +configure_file(tests_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/tests_config.h) + if (WITH_BENCHMARKS) add_subdirectory(benchmarks) endif () |
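Review bot: The two `string(REGEX REPLACE "^.*OpenSSH_([0-9]).[0-9].*$" ...)` calls accept only a one-digit major and minor version and leave the `.` unescaped, and `REGEX REPLACE` returns its input unchanged when nothing matches, so a two-digit major version or a non-OpenSSH `ssh` banner puts arbitrary text into `OPENSSH_VERSION` before the `VERSION_LESS "6.3"` test. If that comparison then takes the hardcoded branch, the tests are configured from the legacy list (arcfour, blowfish-cbc, hmac-md5 and so on) rather than from what the installed client actually offers. I would match once with `string(REGEX MATCH "OpenSSH_([0-9]+)\\.([0-9]+)" _ver "${OPENSSH_VERSION_STR}")`, build the version from `CMAKE_MATCH_1` and `CMAKE_MATCH_2`, and skip detection with a warning when `_ver` is empty. Separately, `string(REGEX MATCH ".*${ALGORITHM}\n" ...)` in the `foreach` is not anchored to a line start and treats the dots in names such as `aes128-gcm@openssh.com` as wildcards, so anchoring the name and escaping the dots would make the lookup exact.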
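Review bot: `find_program(NC_EXECUTABLE NAME nc ...)` uses `NAME`, whereas the documented keyword is `NAMES`, which the `find_program(SSH_EXECUTABLE NAMES ssh)` call added earlier in this commit already uses; writing `NAMES nc` keeps the lookup from depending on how CMake treats the stray word. Unlike the sshd lookup in the context lines just above, nothing reports a missing `nc`, so `NC_EXECUTABLE` may be left as `NC_EXECUTABLE-NOTFOUND` and, presumably, be written into the generated `tests_config.h`. A `message(STATUS ...)` on failure, or a guard around the tests that need `nc`, would make that case visible. The enclosing `if (CLIENT_TESTING OR SERVER_TESTING)` block starts and ends outside the hunk.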