diff options
author | Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> | 2017-12-28 11:10:43 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-12-28 11:17:39 +0100 |
commit | 778652460f7cceb3e760964a890ffd99ec8230e7 (patch) | |
tree | b30fca5918cc4f88abcba9e12146c6fe5db11ad1 /tests/torture.c | |
parent | 5c3b1ee0a427e3a6a0b2ba0862fd9d2c4c25d736 (diff) | |
download | libssh-778652460f7cceb3e760964a890ffd99ec8230e7.tar.gz libssh-778652460f7cceb3e760964a890ffd99ec8230e7.tar.xz libssh-778652460f7cceb3e760964a890ffd99ec8230e7.zip |
add mbedtls crypto support
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems. It is loosely coupled and has a low memory
footprint. mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
Diffstat (limited to 'tests/torture.c')
-rw-r--r-- | tests/torture.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/tests/torture.c b/tests/torture.c index 8486eb41..26f15ce0 100644 --- a/tests/torture.c +++ b/tests/torture.c @@ -113,6 +113,7 @@ static const char torture_rsa_testkey_cert[] = "neB6OdgTpKFsmgPZVtqrvhjw+b5T8a4W4iWSl+6wg6gowAm " "rsa_privkey.pub\n"; +#ifdef HAVE_DSA static const char torture_dsa_testkey[] = "-----BEGIN DSA PRIVATE KEY-----\n" "MIIBuwIBAAKBgQCUyvVPEkn3UnZDjzCzSzSHpTltzr0Ec+1mz/JACjHMBJ9C/W/P\n" @@ -167,6 +168,7 @@ static const char torture_dsa_testkey_cert[] = "4mMXgzaLViFtcwah6wHGlW0UPQMvrq/RqigAkyUszSccfibkIXJ+wGAgsRYhVAMwME" "JqPZ6GHOEIjLBKUegsclHb7Pk0YO8Auaw== " "aris@aris-air\n"; +#endif static const char torture_rsa_testkey_pp[] = "-----BEGIN RSA PRIVATE KEY-----\n" @@ -200,6 +202,7 @@ static const char torture_rsa_testkey_pp[] = "JSvUyxoaZUjQkT7iF94HsF+FVVJdI55UjgnMiZ0d5vKffWyTHYcYHkFYaSloAMWN\n" "-----END RSA PRIVATE KEY-----\n"; +#ifdef HAVE_DSA static const char torture_dsa_testkey_pp[] = "-----BEGIN DSA PRIVATE KEY-----\n" "Proc-Type: 4,ENCRYPTED\n" @@ -216,6 +219,7 @@ static const char torture_dsa_testkey_pp[] = "HTSuHZ7edjoWqwnl/vkc3+nG//IEj8LqAacx0i4krDcQpGuQ6BnPfwPFco2NQQpw\n" "wHBOL6HrOnD+gGs6DUFwzA==\n" "-----END DSA PRIVATE KEY-----\n"; +#endif static const char torture_ecdsa256_testkey[] = "-----BEGIN EC PRIVATE KEY-----\n" @@ -571,9 +575,11 @@ ssh_bind torture_ssh_bind(const char *addr, } switch (key_type) { +#ifdef HAVE_DSA case SSH_KEYTYPE_DSS: opts = SSH_BIND_OPTIONS_DSAKEY; break; +#endif case SSH_KEYTYPE_RSA: opts = SSH_BIND_OPTIONS_RSAKEY; break; @@ -694,6 +700,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type, int pubkey) { switch (type) { +#ifdef HAVE_DSA case SSH_KEYTYPE_DSS: if (pubkey) { return torture_dsa_testkey_pub; @@ -701,6 +708,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type, return torture_dsa_testkey_pp; } return torture_dsa_testkey; +#endif case SSH_KEYTYPE_RSA: if (pubkey) { return torture_rsa_testkey_pub; @@ -738,8 +746,10 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type, return torture_ed25519_testkey_pp; } return torture_ed25519_testkey; +#ifdef HAVE_DSA case SSH_KEYTYPE_DSS_CERT01: return torture_dsa_testkey_cert; +#endif case SSH_KEYTYPE_RSA_CERT01: return torture_rsa_testkey_cert; case SSH_KEYTYPE_RSA1: @@ -862,7 +872,9 @@ void torture_setup_socket_dir(void **state) static void torture_setup_create_sshd_config(void **state) { struct torture_state *s = *state; +#ifdef HAVE_DSA char dsa_hostkey[1024]; +#endif char rsa_hostkey[1024]; char ecdsa_hostkey[1024]; char trusted_ca_pubkey[1024]; @@ -882,7 +894,9 @@ static void torture_setup_create_sshd_config(void **state) const char config_string[]= "Port 22\n" "ListenAddress 127.0.0.10\n" +#ifdef HAVE_DSA "HostKey %s\n" +#endif "HostKey %s\n" "HostKey %s\n" "\n" @@ -901,8 +915,12 @@ static void torture_setup_create_sshd_config(void **state) "UsePAM yes\n" "\n" #if (OPENSSH_VERSION_MAJOR == 6 && OPENSSH_VERSION_MINOR >= 7) || (OPENSSH_VERSION_MAJOR >= 7) +# ifdef HAVE_DSA "HostKeyAlgorithms +ssh-dss\n" -# if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) +# else + "HostKeyAlgorithms +ssh-rsa\n" +# endif +# if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n" # else "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc\n" @@ -939,11 +957,13 @@ static void torture_setup_create_sshd_config(void **state) rc = mkdir(sshd_path, 0755); assert_return_code(rc, errno); +#ifdef HAVE_DSA snprintf(dsa_hostkey, sizeof(dsa_hostkey), "%s/sshd/ssh_host_dsa_key", s->socket_dir); torture_write_file(dsa_hostkey, torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); +#endif snprintf(rsa_hostkey, sizeof(rsa_hostkey), @@ -980,7 +1000,9 @@ static void torture_setup_create_sshd_config(void **state) snprintf(sshd_config, sizeof(sshd_config), config_string, +#ifdef HAVE_DSA dsa_hostkey, +#endif rsa_hostkey, ecdsa_hostkey, trusted_ca_pubkey, |