authorJakub Jelen <jjelen@redhat.com>2018-10-19 16:40:41 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-10-19 17:43:20 +0200
commit0386e088ebdf64da202a30ee2ce809aed99d6506 (patch)
tree69c4d4bf1a697261ba36dd8b1284684b532e1555 /tests
parente91bb29e9d8c452a84d552b8884853251507d013 (diff)
tests: Verify we can authenticate using ed25519 key
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'tests')
-rw-r--r--tests/CMakeLists.txt6
-rw-r--r--tests/client/torture_auth.c100
-rw-r--r--tests/keys/id_ed255198
-rw-r--r--tests/keys/id_ed25519.pub1
4 files changed, 110 insertions, 5 deletions
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index ca9f89c5..64d96fc5 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -121,6 +121,8 @@ if (CLIENT_TESTING)
file(COPY keys/id_rsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/id_ecdsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/id_ecdsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+ file(COPY keys/id_ed25519 DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+ file(COPY keys/id_ed25519.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
# Allow to auth with bob his public keys on alice account
configure_file(keys/id_rsa.pub ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys @ONLY)
@@ -128,6 +130,10 @@ if (CLIENT_TESTING)
file(READ keys/id_ecdsa.pub CONTENTS)
file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}")
+ # append ed25519 public key
+ file(READ keys/id_ed25519.pub CONTENTS)
+ file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}")
+
# Copy the signed key to an alternative directory in bob's homedir.
file(COPY keys/certauth/id_rsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh_cert/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/certauth/id_rsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh_cert/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c
index 5f4a4ed8..77405d06 100644
--- a/tests/client/torture_auth.c
+++ b/tests/client/torture_auth.c
@@ -559,7 +559,7 @@ static void torture_auth_pubkey_types(void **state)
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
- rc = ssh_userauth_none(session,NULL);
+ rc = ssh_userauth_none(session, NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
@@ -596,7 +596,7 @@ static void torture_auth_pubkey_types_ecdsa(void **state)
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
- rc = ssh_userauth_none(session,NULL);
+ rc = ssh_userauth_none(session, NULL);
/* This request should return a SSH_REQUEST_DENIED error */
if (rc == SSH_ERROR) {
assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
@@ -622,6 +622,44 @@ static void torture_auth_pubkey_types_ecdsa(void **state)
}
+static void torture_auth_pubkey_types_ed25519(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ int rc;
+
+ rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_connect(session);
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_userauth_none(session, NULL);
+ /* This request should return a SSH_REQUEST_DENIED error */
+ if (rc == SSH_ERROR) {
+ assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED);
+ }
+ rc = ssh_userauth_list(session, NULL);
+ assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+ /* Enable only DSA keys -- authentication should fail */
+ rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+ "ssh-dss");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+ assert_int_equal(rc, SSH_AUTH_DENIED);
+
+ /* Verify we can use also ed25519 keys */
+ rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+ "ssh-ed25519");
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+ assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+}
+
static void torture_auth_pubkey_types_nonblocking(void **state)
{
struct torture_state *s = *state;
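Review bot: In torture_auth_pubkey_types_ed25519 the result of `ssh_userauth_none()` is examined only when it equals SSH_ERROR, so a server that accepted the `none` method would not fail the test at that point. Adding `assert_int_not_equal(rc, SSH_AUTH_SUCCESS);` right after the call would make the precondition explicit; the same applies to torture_auth_pubkey_types_ed25519_nonblocking after its first `do … while` loop. The blocking variant also checks the error code with `assert_true(ssh_get_error_code(session) == SSH_REQUEST_DENIED)`, whereas the nonblocking one uses `assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED)`, which reports both values on failure and would be the better form in both places.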
@@ -634,7 +672,7 @@ static void torture_auth_pubkey_types_nonblocking(void **state)
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
- ssh_set_blocking(session,0);
+ ssh_set_blocking(session, 0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
@@ -681,7 +719,7 @@ static void torture_auth_pubkey_types_ecdsa_nonblocking(void **state)
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
- ssh_set_blocking(session,0);
+ ssh_set_blocking(session, 0);
do {
rc = ssh_userauth_none(session, NULL);
} while (rc == SSH_AUTH_AGAIN);
@@ -704,7 +742,7 @@ static void torture_auth_pubkey_types_ecdsa_nonblocking(void **state)
} while (rc == SSH_AUTH_AGAIN);
assert_int_equal(rc, SSH_AUTH_DENIED);
- /* Verify we can use also ECDSA keys with their various names */
+ /* Verify we can use also ECDSA key to authenticate */
rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
"ecdsa-sha2-nistp256");
assert_ssh_return_code(session, rc);
@@ -716,6 +754,52 @@ static void torture_auth_pubkey_types_ecdsa_nonblocking(void **state)
}
+static void torture_auth_pubkey_types_ed25519_nonblocking(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ int rc;
+
+ rc = ssh_options_set(session, SSH_OPTIONS_USER, TORTURE_SSH_USER_ALICE);
+ assert_ssh_return_code(session, rc);
+
+ rc = ssh_connect(session);
+ assert_ssh_return_code(session, rc);
+
+ ssh_set_blocking(session, 0);
+ do {
+ rc = ssh_userauth_none(session, NULL);
+ } while (rc == SSH_AUTH_AGAIN);
+
+ /* This request should return a SSH_REQUEST_DENIED error */
+ if (rc == SSH_ERROR) {
+ assert_int_equal(ssh_get_error_code(session), SSH_REQUEST_DENIED);
+ }
+
+ rc = ssh_userauth_list(session, NULL);
+ assert_true(rc & SSH_AUTH_METHOD_PUBLICKEY);
+
+ /* Enable only DSA keys -- authentication should fail */
+ rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+ "ssh-dss");
+ assert_ssh_return_code(session, rc);
+
+ do {
+ rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+ } while (rc == SSH_AUTH_AGAIN);
+ assert_int_equal(rc, SSH_AUTH_DENIED);
+
+ /* Verify we can use also ED25519 key to authenticate */
+ rc = ssh_options_set(session, SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES,
+ "ssh-ed25519");
+ assert_ssh_return_code(session, rc);
+
+ do {
+ rc = ssh_userauth_publickey_auto(session, NULL, NULL);
+ } while (rc == SSH_AUTH_AGAIN);
+ assert_int_equal(rc, SSH_AUTH_SUCCESS);
+
+}
int torture_run_tests(void) {
int rc;
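Review bot: The three `do { … } while (rc == SSH_AUTH_AGAIN);` loops in torture_auth_pubkey_types_ed25519_nonblocking spin without a bound or a wait, so a stalled server leaves the test burning CPU until an outer timeout, if any, ends it. This mirrors the existing ECDSA nonblocking test shown in the context lines, so it is consistent with the file. A short comment such as `/* busy-waits on SSH_AUTH_AGAIN; relies on the test harness timeout */` above the first loop would record that assumption.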
@@ -771,6 +855,12 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_auth_pubkey_types_ecdsa_nonblocking,
pubkey_setup,
session_teardown),
+ cmocka_unit_test_setup_teardown(torture_auth_pubkey_types_ed25519,
+ pubkey_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_auth_pubkey_types_ed25519_nonblocking,
+ pubkey_setup,
+ session_teardown),
};
ssh_init();
diff --git a/tests/keys/id_ed25519 b/tests/keys/id_ed25519
new file mode 100644
index 00000000..2759f43e
--- /dev/null
+++ b/tests/keys/id_ed25519
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCLo6vx1lX6ZZoe05lWTkuwrJUZN0T8hEer5UF9KPhOVgAAAKg+IRNSPiET
+UgAAAAtzc2gtZWQyNTUxOQAAACCLo6vx1lX6ZZoe05lWTkuwrJUZN0T8hEer5UF9KPhOVg
+AAAED2zFg52qYItoZaSUnir4VKubTxJveL9D2oWK7Prg/O24ujq/HWVfplmh7TmVZOS7Cs
+lRk3RPyER6vlQX0o+E5WAAAAHmpqZWxlbkB0NDcwcy5qamVsZW4ucmVkaGF0LmNvbQECAw
+QFBgc=
+-----END OPENSSH PRIVATE KEY-----
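Review bot: This private key is stored without a passphrase (the tests call `ssh_userauth_publickey_auto(session, NULL, NULL)`), and once committed it is public, so it must only ever be trusted inside the test sandbox. The key file itself cannot carry a comment, so the place to say so is next to the new `file(COPY keys/id_ed25519 …)` lines in tests/CMakeLists.txt, for example `# Test-only key pair published in the repository; never authorize it on a real host`. The comment field visible in id_ed25519.pub also carries the author's workstation name (`jjelen@t470s.jjelen.redhat.com`); regenerating the pair with a neutral comment via `ssh-keygen -C` would avoid publishing that.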
diff --git a/tests/keys/id_ed25519.pub b/tests/keys/id_ed25519.pub
new file mode 100644
index 00000000..accd5b65
--- /dev/null
+++ b/tests/keys/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIujq/HWVfplmh7TmVZOS7CslRk3RPyER6vlQX0o+E5W jjelen@t470s.jjelen.redhat.com