Diffstat (limited to 'tests')
-rw-r--r-- | tests/client/torture_knownhosts.c | 14 | ||||
-rw-r--r-- | tests/pkd/pkd_daemon.c | 2 | ||||
-rw-r--r-- | tests/pkd/pkd_daemon.h | 2 | ||||
-rw-r--r-- | tests/pkd/pkd_hello.c | 99 | ||||
-rw-r--r-- | tests/pkd/pkd_keyutil.c | 8 | ||||
-rw-r--r-- | tests/pkd/pkd_keyutil.h | 10 | ||||
-rw-r--r-- | tests/test_ssh_bind_accept_fd.c | 8 | ||||
-rw-r--r-- | tests/torture.c | 24 | ||||
-rw-r--r-- | tests/unittests/torture_keyfiles.c | 18 | ||||
-rw-r--r-- | tests/unittests/torture_options.c | 2 | ||||
-rw-r--r-- | tests/unittests/torture_pki.c | 53 |
11 files changed, 234 insertions, 6 deletions
diff --git a/tests/client/torture_knownhosts.c b/tests/client/torture_knownhosts.c index 1702b467..cfa47deb 100644 --- a/tests/client/torture_knownhosts.c +++ b/tests/client/torture_knownhosts.c @@ -40,6 +40,7 @@ "YgIytryNn7LLiwYfoSxvWigFrTTZsrVtCOYyNgklmffpGdzuC43wdANvTewfI9G" \ "o71r8EXmEc228CrYPmb8Scv3mpXFK/BosohSGkPlEHu9lf3YjnknBicDaVtJOYp" \ "wnXJPjZo2EhG79HxDRpjJHH" +#ifdef HAVE_DSA #define BADDSA "AAAAB3NzaC1kc3MAAACBAITDKqGQ5aC5wHySG6ZdL1+BVBY2nLP5vzw3i3pvZfP" \ "yNUS0UCwrt5pajsMvDRGXXebTJhWVonDnv8tpSgiuIBXMZrma8CU1KCFGRzwb/n8" \ "cc5tJmIphlOUTrObjBmsRz7u1eZmoaddXC9ask6BNnt0DmhzYi2esL3mbardy8IN" \ @@ -50,6 +51,7 @@ "EcxqLVllrNEvd2EGD9p16BYO2yaalYon8im59PtOcul2ay5XQ6rVDQ2T0pgNUpsI" \ "h0dSi8VJXI1wes5HTyLsv9VBmU1uCXUUvufoQKfF/OcSH0ufcCpnd62g1/adZcy2" \ "WJg==" +#endif static int sshd_setup(void **state) { @@ -187,6 +189,7 @@ static void torture_knownhosts_fail(void **state) { assert_int_equal(rc, SSH_SERVER_KNOWN_CHANGED); } +#ifdef HAVE_DSA static void torture_knownhosts_other(void **state) { struct torture_state *s = *state; ssh_session session = s->ssh.session; @@ -272,6 +275,7 @@ static void torture_knownhosts_other_auto(void **state) { /* session will be freed by session_teardown() */ } +#endif static void torture_knownhosts_conflict(void **state) { struct torture_state *s = *state; @@ -298,7 +302,9 @@ static void torture_knownhosts_conflict(void **state) { file = fopen(known_hosts_file, "w"); assert_true(file != NULL); fprintf(file, "127.0.0.10 ssh-rsa %s\n", BADRSA); +#ifdef HAVE_DSA fprintf(file, "127.0.0.10 ssh-dss %s\n", BADDSA); +#endif fclose(file); rc = ssh_connect(session); 
@@ -356,15 +362,21 @@ static void torture_knownhosts_precheck(void **state) { file = fopen(known_hosts_file, "w"); assert_true(file != NULL); fprintf(file, "127.0.0.10 ssh-rsa %s\n", BADRSA); +#ifdef HAVE_DSA fprintf(file, "127.0.0.10 ssh-dss %s\n", BADDSA); +#endif fclose(file); kex = ssh_knownhosts_algorithms(session); assert_true(kex != NULL); assert_string_equal(kex[0],"ssh-rsa"); +#ifdef HAVE_DSA assert_string_equal(kex[1],"ssh-dss"); assert_true(kex[2]==NULL); free(kex[1]); +#else + assert_true(kex[1]==NULL); +#endif free(kex[0]); free(kex); } @@ -378,12 +390,14 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_knownhosts_fail, session_setup, session_teardown), +#ifdef HAVE_DSA cmocka_unit_test_setup_teardown(torture_knownhosts_other, session_setup, session_teardown), cmocka_unit_test_setup_teardown(torture_knownhosts_other_auto, session_setup, session_teardown), +#endif cmocka_unit_test_setup_teardown(torture_knownhosts_conflict, session_setup, session_teardown), diff --git a/tests/pkd/pkd_daemon.c b/tests/pkd/pkd_daemon.c index 9860ca56..a128c8e9 100644 --- a/tests/pkd/pkd_daemon.c +++ b/tests/pkd/pkd_daemon.c @@ -253,8 +253,10 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args) { if (type == PKD_RSA) { opts = SSH_BIND_OPTIONS_RSAKEY; +#ifdef HAVE_DSA } else if (type == PKD_DSA) { opts = SSH_BIND_OPTIONS_DSAKEY; +#endif } else if (type == PKD_ECDSA) { opts = SSH_BIND_OPTIONS_ECDSAKEY; } else { diff --git a/tests/pkd/pkd_daemon.h b/tests/pkd/pkd_daemon.h index 7f553fdf..3107ed1e 100644 --- a/tests/pkd/pkd_daemon.h +++ b/tests/pkd/pkd_daemon.h @@ -10,7 +10,9 @@ enum pkd_hostkey_type_e { PKD_RSA, +#ifdef HAVE_DSA PKD_DSA, +#endif PKD_ECDSA }; diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c index 4db8ee5c..e0c0cbf6 100644 --- a/tests/pkd/pkd_hello.c +++ b/tests/pkd/pkd_hello.c 
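Review bot: In `enum pkd_hostkey_type_e` the numeric value of `PKD_ECDSA` now depends on whether `HAVE_DSA` is defined, and this hunk does not show `pkd_daemon.h` including `config.h` the way `pkd_keyutil.h` does later in this commit. If any translation unit includes this header before `config.h`, it would see a different enum layout than `pkd_daemon.c`, and the `type == PKD_ECDSA` dispatch in `pkd_exec_hello` would pick the wrong bind option. Consider adding `#include "config.h"` at the top of the header, or keeping `PKD_DSA` unconditional in the enum and guarding only its uses.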
@@ -146,12 +146,14 @@ static int torture_pkd_setup_rsa(void **state) { return 0; } +#ifdef HAVE_DSA static int torture_pkd_setup_dsa(void **state) { setup_dsa_key(); *state = (void *) torture_pkd_setup(PKD_DSA, LIBSSH_DSA_TESTKEY); return 0; } +#endif static int torture_pkd_setup_ecdsa_256(void **state) { setup_ecdsa_keys(); @@ -178,6 +180,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) { * Test matrices: f(clientname, testname, ssh-command, setup-function, teardown-function). */ +#ifdef HAVE_DSA #define PKDTESTS_DEFAULT(f, client, cmd) \ /* Default passes by server key type. */ \ f(client, rsa_default, cmd, setup_rsa, teardown) \ @@ -185,7 +188,16 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, ecdsa_256_default, cmd, setup_ecdsa_256, teardown) \ f(client, ecdsa_384_default, cmd, setup_ecdsa_384, teardown) \ f(client, ecdsa_521_default, cmd, setup_ecdsa_521, teardown) +#else +#define PKDTESTS_DEFAULT(f, client, cmd) \ + /* Default passes by server key type. */ \ + f(client, rsa_default, cmd, setup_rsa, teardown) \ + f(client, ecdsa_256_default, cmd, setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_default, cmd, setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_default, cmd, setup_ecdsa_521, teardown) +#endif +#ifdef HAVE_DSA #define PKDTESTS_KEX(f, client, kexcmd) \ /* Kex algorithms. */ \ f(client, rsa_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_rsa, teardown) \ 
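Review bot: The `#else` copy of `PKDTESTS_DEFAULT` repeats every non-DSA row of the matrix, and the same duplication is applied to `PKDTESTS_KEX`, `PKDTESTS_CIPHER`, `PKDTESTS_CIPHER_OPENSSHONLY` and `PKDTESTS_MAC` in the following hunks. A kex, cipher or MAC added later has to be added to both copies, and a row forgotten in one of them silently drops that algorithm from the matrix for one build flavour. A smaller shape is to keep one table and move only the DSA rows into a helper macro per table that has an empty fallback, for example `#define PKDTESTS_DEFAULT_DSA(f, client, cmd)` under `#else`, invoked from inside `PKDTESTS_DEFAULT`.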
@@ -218,7 +230,28 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, ecdsa_521_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521 "), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_521, teardown) +#else +#define PKDTESTS_KEX(f, client, kexcmd) \ + /* Kex algorithms. */ \ + f(client, rsa_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_rsa, teardown) \ + f(client, rsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_rsa, teardown) \ + f(client, rsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_rsa, teardown) \ + f(client, rsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_rsa, teardown) \ + f(client, ecdsa_256_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_521, teardown) \ + 
f(client, ecdsa_521_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_521, teardown) +#endif +#ifdef HAVE_DSA #define PKDTESTS_CIPHER(f, client, ciphercmd) \ /* Ciphers. */ \ f(client, rsa_3des_cbc, ciphercmd("3des-cbc"), setup_rsa, teardown) \ 
@@ -251,7 +284,36 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, ecdsa_521_aes256_cbc, ciphercmd("aes256-cbc"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_aes256_ctr, ciphercmd("aes256-ctr"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_blowfish_cbc, ciphercmd("blowfish-cbc"), setup_ecdsa_521, teardown) +#else +#define PKDTESTS_CIPHER(f, client, ciphercmd) \ + /* Ciphers. */ \ + f(client, rsa_3des_cbc, ciphercmd("3des-cbc"), setup_rsa, teardown) \ + f(client, rsa_aes128_cbc, ciphercmd("aes128-cbc"), setup_rsa, teardown) \ + f(client, rsa_aes128_ctr, ciphercmd("aes128-ctr"), setup_rsa, teardown) \ + f(client, rsa_aes256_cbc, ciphercmd("aes256-cbc"), setup_rsa, teardown) \ + f(client, rsa_aes256_ctr, ciphercmd("aes256-ctr"), setup_rsa, teardown) \ + f(client, rsa_blowfish_cbc, ciphercmd("blowfish-cbc"), setup_rsa, teardown) \ + f(client, ecdsa_256_3des_cbc, ciphercmd("3des-cbc"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_aes128_cbc, ciphercmd("aes128-cbc"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_aes128_ctr, ciphercmd("aes128-ctr"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_aes256_cbc, ciphercmd("aes256-cbc"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_aes256_ctr, ciphercmd("aes256-ctr"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_blowfish_cbc, ciphercmd("blowfish-cbc"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_3des_cbc, ciphercmd("3des-cbc"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_aes128_cbc, ciphercmd("aes128-cbc"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_aes128_ctr, ciphercmd("aes128-ctr"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_aes256_cbc, ciphercmd("aes256-cbc"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_aes256_ctr, ciphercmd("aes256-ctr"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_blowfish_cbc, ciphercmd("blowfish-cbc"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_3des_cbc, ciphercmd("3des-cbc"), setup_ecdsa_521, 
teardown) \ + f(client, ecdsa_521_aes128_cbc, ciphercmd("aes128-cbc"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_aes128_ctr, ciphercmd("aes128-ctr"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_aes256_cbc, ciphercmd("aes256-cbc"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_aes256_ctr, ciphercmd("aes256-ctr"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_blowfish_cbc, ciphercmd("blowfish-cbc"), setup_ecdsa_521, teardown) +#endif +#ifdef HAVE_DSA #define PKDTESTS_CIPHER_OPENSSHONLY(f, client, ciphercmd) \ /* Ciphers. */ \ f(client, rsa_aes192_cbc, ciphercmd("aes192-cbc"), setup_rsa, teardown) \ @@ -264,7 +326,20 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, ecdsa_384_aes192_ctr, ciphercmd("aes192-ctr"), setup_ecdsa_384, teardown) \ f(client, ecdsa_521_aes192_cbc, ciphercmd("aes192-cbc"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_aes192_ctr, ciphercmd("aes192-ctr"), setup_ecdsa_521, teardown) +#else +#define PKDTESTS_CIPHER_OPENSSHONLY(f, client, ciphercmd) \ + /* Ciphers. */ \ + f(client, rsa_aes192_cbc, ciphercmd("aes192-cbc"), setup_rsa, teardown) \ + f(client, rsa_aes192_ctr, ciphercmd("aes192-ctr"), setup_rsa, teardown) \ + f(client, ecdsa_256_aes192_cbc, ciphercmd("aes192-cbc"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_aes192_ctr, ciphercmd("aes192-ctr"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_aes192_cbc, ciphercmd("aes192-cbc"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_aes192_ctr, ciphercmd("aes192-ctr"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_aes192_cbc, ciphercmd("aes192-cbc"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_aes192_ctr, ciphercmd("aes192-ctr"), setup_ecdsa_521, teardown) +#endif +#ifdef HAVE_DSA #define PKDTESTS_MAC(f, client, maccmd) \ /* MACs. */ \ f(client, rsa_hmac_sha1, maccmd("hmac-sha1"), setup_rsa, teardown) \ 
@@ -282,6 +357,22 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, ecdsa_256_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_256, teardown) \ f(client, ecdsa_384_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_384, teardown) \ f(client, ecdsa_521_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_521, teardown) +#else +#define PKDTESTS_MAC(f, client, maccmd) \ + /* MACs. */ \ + f(client, rsa_hmac_sha1, maccmd("hmac-sha1"), setup_rsa, teardown) \ + f(client, ecdsa_256_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_521, teardown) \ + f(client, rsa_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_rsa, teardown) \ + f(client, ecdsa_256_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_521, teardown) \ + f(client, rsa_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_rsa, teardown) \ + f(client, ecdsa_256_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ecdsa_521, teardown) +#endif static void torture_pkd_client_noop(void **state) { struct pkd_state *pstate = (struct pkd_state *) (*state); @@ -328,6 +419,7 @@ static void torture_pkd_runtest(const char *testname, * Actual test functions are emitted here. */ +#ifdef HAVE_DSA #define CLIENT_ID_FILE OPENSSH_DSA_TESTKEY PKDTESTS_DEFAULT(emit_keytest, openssh_dsa, OPENSSH_CMD) PKDTESTS_KEX(emit_keytest, openssh_dsa, OPENSSH_KEX_CMD) 
@@ -335,6 +427,7 @@ PKDTESTS_CIPHER(emit_keytest, openssh_dsa, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_dsa, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_keytest, openssh_dsa, OPENSSH_MAC_CMD) #undef CLIENT_ID_FILE +#endif #define CLIENT_ID_FILE OPENSSH_RSA_TESTKEY PKDTESTS_DEFAULT(emit_keytest, openssh_rsa, OPENSSH_CMD) @@ -393,11 +486,13 @@ struct { const struct CMUnitTest test; } testmap[] = { /* OpenSSH */ +#ifdef HAVE_DSA PKDTESTS_DEFAULT(emit_testmap, openssh_dsa, OPENSSH_CMD) PKDTESTS_KEX(emit_testmap, openssh_dsa, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_testmap, openssh_dsa, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_dsa, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_testmap, openssh_dsa, OPENSSH_MAC_CMD) +#endif PKDTESTS_DEFAULT(emit_testmap, openssh_rsa, OPENSSH_CMD) PKDTESTS_KEX(emit_testmap, openssh_rsa, OPENSSH_KEX_CMD) @@ -438,11 +533,13 @@ static int pkd_run_tests(void) { int tindex = 0; const struct CMUnitTest openssh_tests[] = { +#ifdef HAVE_DSA PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_dsa, OPENSSH_CMD) PKDTESTS_KEX(emit_unit_test_comma, openssh_dsa, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_unit_test_comma, openssh_dsa, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_unit_test_comma, openssh_dsa, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_unit_test_comma, openssh_dsa, OPENSSH_MAC_CMD) +#endif PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_rsa, OPENSSH_CMD) PKDTESTS_KEX(emit_unit_test_comma, openssh_rsa, OPENSSH_KEX_CMD) @@ -546,7 +643,9 @@ static int pkd_run_tests(void) { /* Clean up any server keys that were generated. */ cleanup_rsa_key(); +#ifdef HAVE_DSA cleanup_dsa_key(); +#endif cleanup_ecdsa_keys(); return rc; diff --git a/tests/pkd/pkd_keyutil.c b/tests/pkd/pkd_keyutil.c index e1e1ecb8..7cb2ed48 100644 --- a/tests/pkd/pkd_keyutil.c +++ b/tests/pkd/pkd_keyutil.c 
@@ -27,6 +27,7 @@ void setup_rsa_key() { assert_int_equal(rc, 0); } +#ifdef HAVE_DSA void setup_dsa_key() { int rc = 0; if (access(LIBSSH_DSA_TESTKEY, F_OK) != 0) { @@ -35,6 +36,7 @@ void setup_dsa_key() { } assert_int_equal(rc, 0); } +#endif void setup_ecdsa_keys() { int rc = 0; @@ -65,9 +67,11 @@ void cleanup_rsa_key() { cleanup_key(LIBSSH_RSA_TESTKEY, LIBSSH_RSA_TESTKEY ".pub"); } +#ifdef HAVE_DSA void cleanup_dsa_key() { cleanup_key(LIBSSH_DSA_TESTKEY, LIBSSH_DSA_TESTKEY ".pub"); } +#endif void cleanup_ecdsa_keys() { cleanup_key(LIBSSH_ECDSA_256_TESTKEY, LIBSSH_ECDSA_256_TESTKEY ".pub"); @@ -78,11 +82,13 @@ void cleanup_ecdsa_keys() { void setup_openssh_client_keys() { int rc = 0; +#ifdef HAVE_DSA if (access(OPENSSH_DSA_TESTKEY, F_OK) != 0) { rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f " OPENSSH_DSA_TESTKEY); } assert_int_equal(rc, 0); +#endif if (access(OPENSSH_RSA_TESTKEY, F_OK) != 0) { rc = system_checked(OPENSSH_KEYGEN " -t rsa -q -N \"\" -f " @@ -116,7 +122,9 @@ void setup_openssh_client_keys() { } void cleanup_openssh_client_keys() { +#ifdef HAVE_DSA cleanup_key(OPENSSH_DSA_TESTKEY, OPENSSH_DSA_TESTKEY ".pub"); +#endif cleanup_key(OPENSSH_RSA_TESTKEY, OPENSSH_RSA_TESTKEY ".pub"); cleanup_key(OPENSSH_ECDSA256_TESTKEY, OPENSSH_ECDSA256_TESTKEY ".pub"); cleanup_key(OPENSSH_ECDSA384_TESTKEY, OPENSSH_ECDSA384_TESTKEY ".pub"); diff --git a/tests/pkd/pkd_keyutil.h b/tests/pkd/pkd_keyutil.h index 8e9de009..3d0ae5a7 100644 --- a/tests/pkd/pkd_keyutil.h +++ b/tests/pkd/pkd_keyutil.h 
@@ -7,22 +7,32 @@ #ifndef __PKD_KEYUTIL_H__ #define __PKD_KEYUTIL_H__ +#include "config.h" + /* Server keys. */ +#ifdef HAVE_DSA #define LIBSSH_DSA_TESTKEY "libssh_testkey.id_dsa" +#endif #define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa" #define LIBSSH_ECDSA_256_TESTKEY "libssh_testkey.id_ecdsa256" #define LIBSSH_ECDSA_384_TESTKEY "libssh_testkey.id_ecdsa384" #define LIBSSH_ECDSA_521_TESTKEY "libssh_testkey.id_ecdsa521" +#ifdef HAVE_DSA void setup_dsa_key(void); +#endif void setup_rsa_key(void); void setup_ecdsa_keys(void); +#ifdef HAVE_DSA void cleanup_dsa_key(void); +#endif void cleanup_rsa_key(void); void cleanup_ecdsa_keys(void); /* Client keys. */ +#ifdef HAVE_DSA #define OPENSSH_DSA_TESTKEY "openssh_testkey.id_dsa" +#endif #define OPENSSH_RSA_TESTKEY "openssh_testkey.id_rsa" #define OPENSSH_ECDSA256_TESTKEY "openssh_testkey.id_ecdsa256" #define OPENSSH_ECDSA384_TESTKEY "openssh_testkey.id_ecdsa384" diff --git a/tests/test_ssh_bind_accept_fd.c b/tests/test_ssh_bind_accept_fd.c index 7611cf4c..5aa8211a 100644 --- a/tests/test_ssh_bind_accept_fd.c +++ b/tests/test_ssh_bind_accept_fd.c @@ -73,10 +73,18 @@ void ssh_server() { errx(1, "ssh_bind_new"); } +#ifdef HAVE_DSA + /*TODO mbedtls this is probably required */ if (ssh_bind_options_set(bind, SSH_BIND_OPTIONS_DSAKEY, options.server_keyfile) != SSH_OK) { errx(1, "ssh_bind_options_set(SSH_BIND_OPTIONS_DSAKEY"); } +#else + if (ssh_bind_options_set(bind, SSH_BIND_OPTIONS_RSAKEY, + options.server_keyfile) != SSH_OK) { + errx(1, "ssh_bind_options_set(SSH_BIND_OPTIONS_RSAKEY"); + } +#endif session = ssh_new(); if (!session) { diff --git a/tests/torture.c b/tests/torture.c index 8486eb41..26f15ce0 100644 --- a/tests/torture.c +++ b/tests/torture.c 
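Review bot: The comment `/*TODO mbedtls this is probably required */` in `ssh_server()` does not say what is required or why, and the same `options.server_keyfile` is now loaded as a DSA key in one build and as an RSA key in the other. Whoever runs this test has to pass a host key file whose type matches the build, and nothing in the hunk says so. I would replace the TODO with something like `/* server_keyfile must be a DSA key when HAVE_DSA is defined, an RSA key otherwise */`. The `errx` strings are also missing their closing parenthesis, which the new `#else` branch copies from the existing one.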
@@ -113,6 +113,7 @@ static const char torture_rsa_testkey_cert[] = "neB6OdgTpKFsmgPZVtqrvhjw+b5T8a4W4iWSl+6wg6gowAm " "rsa_privkey.pub\n"; +#ifdef HAVE_DSA static const char torture_dsa_testkey[] = "-----BEGIN DSA PRIVATE KEY-----\n" "MIIBuwIBAAKBgQCUyvVPEkn3UnZDjzCzSzSHpTltzr0Ec+1mz/JACjHMBJ9C/W/P\n" @@ -167,6 +168,7 @@ static const char torture_dsa_testkey_cert[] = "4mMXgzaLViFtcwah6wHGlW0UPQMvrq/RqigAkyUszSccfibkIXJ+wGAgsRYhVAMwME" "JqPZ6GHOEIjLBKUegsclHb7Pk0YO8Auaw== " "aris@aris-air\n"; +#endif static const char torture_rsa_testkey_pp[] = "-----BEGIN RSA PRIVATE KEY-----\n" @@ -200,6 +202,7 @@ static const char torture_rsa_testkey_pp[] = "JSvUyxoaZUjQkT7iF94HsF+FVVJdI55UjgnMiZ0d5vKffWyTHYcYHkFYaSloAMWN\n" "-----END RSA PRIVATE KEY-----\n"; +#ifdef HAVE_DSA static const char torture_dsa_testkey_pp[] = "-----BEGIN DSA PRIVATE KEY-----\n" "Proc-Type: 4,ENCRYPTED\n" @@ -216,6 +219,7 @@ static const char torture_dsa_testkey_pp[] = "HTSuHZ7edjoWqwnl/vkc3+nG//IEj8LqAacx0i4krDcQpGuQ6BnPfwPFco2NQQpw\n" "wHBOL6HrOnD+gGs6DUFwzA==\n" "-----END DSA PRIVATE KEY-----\n"; +#endif static const char torture_ecdsa256_testkey[] = "-----BEGIN EC PRIVATE KEY-----\n" @@ -571,9 +575,11 @@ ssh_bind torture_ssh_bind(const char *addr, } switch (key_type) { +#ifdef HAVE_DSA case SSH_KEYTYPE_DSS: opts = SSH_BIND_OPTIONS_DSAKEY; break; +#endif case SSH_KEYTYPE_RSA: opts = SSH_BIND_OPTIONS_RSAKEY; break; @@ -694,6 +700,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type, int pubkey) { switch (type) { +#ifdef HAVE_DSA case SSH_KEYTYPE_DSS: if (pubkey) { return torture_dsa_testkey_pub; @@ -701,6 +708,7 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type, return torture_dsa_testkey_pp; } return torture_dsa_testkey; +#endif case SSH_KEYTYPE_RSA: if (pubkey) { return torture_rsa_testkey_pub; 
@@ -738,8 +746,10 @@ static const char *torture_get_testkey_internal(enum ssh_keytypes_e type, return torture_ed25519_testkey_pp; } return torture_ed25519_testkey; +#ifdef HAVE_DSA case SSH_KEYTYPE_DSS_CERT01: return torture_dsa_testkey_cert; +#endif case SSH_KEYTYPE_RSA_CERT01: return torture_rsa_testkey_cert; case SSH_KEYTYPE_RSA1: @@ -862,7 +872,9 @@ void torture_setup_socket_dir(void **state) static void torture_setup_create_sshd_config(void **state) { struct torture_state *s = *state; +#ifdef HAVE_DSA char dsa_hostkey[1024]; +#endif char rsa_hostkey[1024]; char ecdsa_hostkey[1024]; char trusted_ca_pubkey[1024]; @@ -882,7 +894,9 @@ static void torture_setup_create_sshd_config(void **state) const char config_string[]= "Port 22\n" "ListenAddress 127.0.0.10\n" +#ifdef HAVE_DSA "HostKey %s\n" +#endif "HostKey %s\n" "HostKey %s\n" "\n" @@ -901,8 +915,12 @@ static void torture_setup_create_sshd_config(void **state) "UsePAM yes\n" "\n" #if (OPENSSH_VERSION_MAJOR == 6 && OPENSSH_VERSION_MINOR >= 7) || (OPENSSH_VERSION_MAJOR >= 7) +# ifdef HAVE_DSA "HostKeyAlgorithms +ssh-dss\n" -# if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) +# else + "HostKeyAlgorithms +ssh-rsa\n" +# endif +# if (OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR < 6) "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n" # else "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc\n" @@ -939,11 +957,13 @@ static void torture_setup_create_sshd_config(void **state) rc = mkdir(sshd_path, 0755); assert_return_code(rc, errno); +#ifdef HAVE_DSA snprintf(dsa_hostkey, sizeof(dsa_hostkey), "%s/sshd/ssh_host_dsa_key", s->socket_dir); torture_write_file(dsa_hostkey, torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0)); +#endif snprintf(rsa_hostkey, sizeof(rsa_hostkey), @@ -980,7 +1000,9 @@ static void torture_setup_create_sshd_config(void **state) snprintf(sshd_config, sizeof(sshd_config), config_string, +#ifdef HAVE_DSA dsa_hostkey, +#endif rsa_hostkey, ecdsa_hostkey, trusted_ca_pubkey, 
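Review bot: In `torture_setup_create_sshd_config` the extra `"HostKey %s\n"` in `config_string` and the matching `dsa_hostkey` argument to `snprintf` are switched by two separate `#ifdef HAVE_DSA` blocks in different hunks (the one at -882 and the one at -980). They are consistent here, but because the format string is passed as a variable, a later edit that changes only one side may get no format warning from the compiler, and a `%s` without its argument is undefined behaviour. A comment at both places would help, e.g. `/* keep in sync with the HostKey %s lines in config_string */` next to `dsa_hostkey,`. The function body continues outside these hunks.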
diff --git a/tests/unittests/torture_keyfiles.c b/tests/unittests/torture_keyfiles.c index 023396e7..ea456050 100644 --- a/tests/unittests/torture_keyfiles.c +++ b/tests/unittests/torture_keyfiles.c @@ -6,7 +6,9 @@ #include "legacy.c" #define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa" +#ifdef HAVE_DSA #define LIBSSH_DSA_TESTKEY "libssh_testkey.id_dsa" +#endif static int setup_rsa_key(void **state) { @@ -26,6 +28,7 @@ static int setup_rsa_key(void **state) return 0; } +#ifdef HAVE_DSA static int setup_dsa_key(void **state) { ssh_session session; @@ -43,6 +46,7 @@ static int setup_dsa_key(void **state) return 0; } +#endif static int setup_both_keys(void **state) { int rc; @@ -51,9 +55,11 @@ static int setup_both_keys(void **state) { if (rc != 0) { return rc; } +#ifdef HAVE_DSA ssh_free(*state); rc = setup_dsa_key(state); +#endif return rc; } @@ -67,10 +73,12 @@ static int setup_both_keys_passphrase(void **state) torture_write_file(LIBSSH_RSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_RSA, 0)); +#ifdef HAVE_DSA torture_write_file(LIBSSH_DSA_TESTKEY, torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1)); torture_write_file(LIBSSH_DSA_TESTKEY ".pub", torture_get_testkey_pub(SSH_KEYTYPE_DSS, 0)); +#endif session = ssh_new(); *state = session; @@ -80,8 +88,10 @@ static int setup_both_keys_passphrase(void **state) static int teardown(void **state) { +#ifdef HAVE_DSA unlink(LIBSSH_DSA_TESTKEY); unlink(LIBSSH_DSA_TESTKEY ".pub"); +#endif unlink(LIBSSH_RSA_TESTKEY); unlink(LIBSSH_RSA_TESTKEY ".pub"); @@ -216,12 +226,14 @@ static void torture_privatekey_from_file(void **state) { key = NULL; } +#ifdef HAVE_DSA key = privatekey_from_file(session, LIBSSH_DSA_TESTKEY, SSH_KEYTYPE_DSS, NULL); assert_true(key != NULL); if (key != NULL) { privatekey_free(key); key = NULL; } +#endif /* Test the automatic type discovery */ key = privatekey_from_file(session, LIBSSH_RSA_TESTKEY, 0, NULL); 
@@ -231,12 +243,14 @@ static void torture_privatekey_from_file(void **state) { key = NULL; } +#ifdef HAVE_DSA key = privatekey_from_file(session, LIBSSH_DSA_TESTKEY, 0, NULL); assert_true(key != NULL); if (key != NULL) { privatekey_free(key); key = NULL; } +#endif } /** @@ -253,12 +267,14 @@ static void torture_privatekey_from_file_passphrase(void **state) { key = NULL; } +#ifdef HAVE_DSA key = privatekey_from_file(session, LIBSSH_DSA_TESTKEY, SSH_KEYTYPE_DSS, TORTURE_TESTKEY_PASSWORD); assert_true(key != NULL); if (key != NULL) { privatekey_free(key); key = NULL; } +#endif /* Test the automatic type discovery */ key = privatekey_from_file(session, LIBSSH_RSA_TESTKEY, 0, TORTURE_TESTKEY_PASSWORD); @@ -268,12 +284,14 @@ static void torture_privatekey_from_file_passphrase(void **state) { key = NULL; } +#ifdef HAVE_DSA key = privatekey_from_file(session, LIBSSH_DSA_TESTKEY, 0, TORTURE_TESTKEY_PASSWORD); assert_true(key != NULL); if (key != NULL) { privatekey_free(key); key = NULL; } +#endif } int torture_run_tests(void) { diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c index 66348147..0203ab67 100644 --- a/tests/unittests/torture_options.c +++ b/tests/unittests/torture_options.c @@ -366,11 +366,13 @@ static void torture_bind_options_import_key(void **state) ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY, key); assert_int_equal(rc, 0); +#ifdef HAVE_DSA /* set dsa key */ base64_key = torture_get_testkey(SSH_KEYTYPE_DSS, 0, 0); ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key); rc = ssh_bind_options_set(bind, SSH_BIND_OPTIONS_IMPORT_KEY, key); assert_int_equal(rc, 0); +#endif /* set ecdsa key */ base64_key = torture_get_testkey(SSH_KEYTYPE_ECDSA, 512, 0); ssh_pki_import_privkey_base64(base64_key, NULL, NULL, NULL, &key); diff --git a/tests/unittests/torture_pki.c b/tests/unittests/torture_pki.c index b0e6840c..33e7cd89 100644 
--- a/tests/unittests/torture_pki.c +++ b/tests/unittests/torture_pki.c @@ -8,7 +8,9 @@ #include <fcntl.h> #define LIBSSH_RSA_TESTKEY "libssh_testkey.id_rsa" +#ifdef HAVE_DSA #define LIBSSH_DSA_TESTKEY "libssh_testkey.id_dsa" +#endif #define LIBSSH_ECDSA_TESTKEY "libssh_testkey.id_ecdsa" #define LIBSSH_ED25519_TESTKEY "libssh_testkey.id_ed25519" @@ -32,6 +34,7 @@ static int setup_rsa_key(void **state) return 0; } +#ifdef HAVE_DSA static int setup_dsa_key(void **state) { (void) state; /* unused */ @@ -48,6 +51,7 @@ static int setup_dsa_key(void **state) { return 0; } +#endif #ifdef HAVE_ECC static int setup_ecdsa_key(void **state, int ecdsa_bits) { @@ -103,7 +107,9 @@ static int setup_both_keys(void **state) { (void) state; /* unused */ setup_rsa_key(state); +#ifdef HAVE_DSA setup_dsa_key(state); +#endif return 0; } @@ -111,9 +117,11 @@ static int setup_both_keys(void **state) { static int teardown(void **state) { (void) state; /* unused */ +#ifdef HAVE_DSA unlink(LIBSSH_DSA_TESTKEY); unlink(LIBSSH_DSA_TESTKEY ".pub"); unlink(LIBSSH_DSA_TESTKEY "-cert.pub"); +#endif unlink(LIBSSH_RSA_TESTKEY); unlink(LIBSSH_RSA_TESTKEY ".pub"); @@ -281,6 +289,7 @@ static void torture_pki_import_privkey_base64_NULL_str(void **state) { ssh_key_free(key); } +#ifdef HAVE_DSA static void torture_pki_import_privkey_base64_DSA(void **state) { int rc; ssh_key key; @@ -297,6 +306,7 @@ static void torture_pki_import_privkey_base64_DSA(void **state) { ssh_key_free(key); } +#endif #ifdef HAVE_ECC static void torture_pki_import_privkey_base64_ECDSA(void **state) { @@ -349,6 +359,8 @@ static void torture_pki_import_privkey_base64_passphrase(void **state) { NULL, &key); assert_true(rc == -1); + ssh_key_free(key); + key = NULL; #ifndef HAVE_LIBCRYPTO /* test if it returns -1 if passphrase is NULL */ 
@@ -359,7 +371,10 @@ static void torture_pki_import_privkey_base64_passphrase(void **state) { NULL, &key); assert_true(rc == -1); + ssh_key_free(key); + key = NULL; #endif +#ifdef HAVE_DSA /* same for DSA */ @@ -384,7 +399,6 @@ static void torture_pki_import_privkey_base64_passphrase(void **state) { &key); assert_true(rc == -1); -#ifndef HAVE_LIBCRYPTO /* test if it returns -1 if passphrase is NULL */ /* libcrypto asks for a passphrase, so skip this test */ rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0, 1), @@ -393,10 +407,8 @@ static void torture_pki_import_privkey_base64_passphrase(void **state) { NULL, &key); assert_true(rc == -1); -#endif - +# endif /* same for ED25519 */ - rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_ED25519, 0, 1), passphrase, NULL, @@ -417,7 +429,6 @@ static void torture_pki_import_privkey_base64_passphrase(void **state) { NULL, &key); assert_true(rc == -1); - } static void torture_pki_import_privkey_base64_ed25519(void **state){ @@ -474,6 +485,7 @@ static void torture_pki_pki_publickey_from_privatekey_RSA(void **state) { ssh_key_free(pubkey); } +#ifdef HAVE_DSA static void torture_pki_pki_publickey_from_privatekey_DSA(void **state) { int rc; ssh_key key; @@ -498,6 +510,7 @@ static void torture_pki_pki_publickey_from_privatekey_DSA(void **state) { ssh_key_free(key); ssh_key_free(pubkey); } +#endif static void torture_pki_pki_publickey_from_privatekey_ed25519(void **state){ int rc; @@ -621,6 +634,7 @@ static void torture_pki_import_cert_file_rsa(void **state) { ssh_key_free(cert); } +#ifdef HAVE_DSA static void torture_pki_import_cert_file_dsa(void **state) { int rc; ssh_key cert; @@ -676,6 +690,7 @@ static void torture_pki_publickey_dsa_base64(void **state) free(key_buf); ssh_key_free(key); } +#endif #ifdef HAVE_ECC static void torture_pki_publickey_ecdsa_base64(void **state) 
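Review bot: The DSA NULL-passphrase case in `torture_pki_import_privkey_base64_passphrase` loses its `#ifndef HAVE_LIBCRYPTO` guard: the hunks at -384 and -393 delete that guard and reuse its `#endif` position for the `# endif` that closes the new `#ifdef HAVE_DSA`. The comment kept above the call still says libcrypto asks for a passphrase and the test should be skipped, and the RSA case earlier in the function keeps the guard, so a libcrypto build with DSA now runs an import that may prompt or fail. I would keep the inner guard and close both, i.e. leave `#ifndef HAVE_LIBCRYPTO` before the call and end with `#endif` followed by `#endif /* HAVE_DSA */`. The new `ssh_key_free(key); key = NULL;` cleanup is also added only after the RSA cases, not after the DSA and ED25519 ones. The function starts and ends outside these hunks.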
@@ -829,6 +844,7 @@ static void torture_generate_pubkey_from_privkey_rsa(void **state) { ssh_key_free(pubkey); } +#ifdef HAVE_DSA static void torture_generate_pubkey_from_privkey_dsa(void **state) { char pubkey_generated[4096] = {0}; ssh_key privkey; @@ -867,6 +883,7 @@ static void torture_generate_pubkey_from_privkey_dsa(void **state) { ssh_key_free(privkey); ssh_key_free(pubkey); } +#endif static void torture_generate_pubkey_from_privkey_ed25519(void **state){ char pubkey_generated[4096] = {0}; @@ -997,6 +1014,7 @@ static void torture_pki_duplicate_key_rsa(void **state) ssh_string_free_char(b64_key_gen); } +#ifdef HAVE_DSA static void torture_pki_duplicate_key_dsa(void **state) { int rc; @@ -1042,6 +1060,7 @@ static void torture_pki_duplicate_key_dsa(void **state) ssh_string_free_char(b64_key); ssh_string_free_char(b64_key_gen); } +#endif #ifdef HAVE_ECC static void torture_pki_duplicate_key_ecdsa(void **state) @@ -1080,8 +1099,11 @@ static void torture_pki_duplicate_key_ecdsa(void **state) assert_string_equal(b64_key, b64_key_gen); +#ifndef HAVE_LIBMBEDCRYPTO + /* libmbedcrypto can't compare ecdsa keys */ rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE); assert_true(rc == 0); +#endif ssh_key_free(pubkey); ssh_key_free(privkey); @@ -1212,6 +1234,7 @@ static void torture_pki_generate_key_rsa1(void **state) ssh_free(session); } +#ifdef HAVE_DSA static void torture_pki_generate_key_dsa(void **state) { int rc; @@ -1255,6 +1278,7 @@ static void torture_pki_generate_key_dsa(void **state) ssh_free(session); } +#endif #ifdef HAVE_ECC static void torture_pki_generate_key_ecdsa(void **state) @@ -1478,6 +1502,8 @@ static void torture_pki_write_privkey_ecdsa(void **state) #endif #endif /* HAVE_LIBCRYPTO */ +#ifdef HAVE_DSA +/* TODO mbedtls check if rsa can be used instead of dsa */ static void torture_pki_write_privkey_ed25519(void **state){ ssh_key origkey; ssh_key privkey; 
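Review bot: The `ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE)` assertion in `torture_pki_duplicate_key_ecdsa` is compiled out for `HAVE_LIBMBEDCRYPTO`, so on that backend the test no longer checks that the duplicated private key equals the original. The comment says the backend cannot compare ECDSA keys, which reads as a gap in the library rather than in the test, so callers that rely on `ssh_key_cmp` for private ECDSA keys may be affected as well. I would mark it as open work, e.g. `/* TODO: implement ECDSA private key comparison for mbedcrypto, then re-enable */`, so the gap stays visible.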
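Review bot: `torture_pki_write_privkey_ed25519` is an Ed25519 test, but the new `#ifdef HAVE_DSA` removes it from every build without DSA, apparently only because it is registered with the `setup_dsa_key` fixture. That drops coverage of writing Ed25519 private keys on exactly the builds this commit is meant to enable. The body is outside the hunk, so I can't tell whether it reads the DSA key file; if it does not, registering it with `setup_ed25519_key`, which other Ed25519 tests in this file already use, would let the guard go. The closing `#endif` is in the hunk at -1543 and the registration guard in the one at -1741.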
@@ -1543,6 +1569,7 @@ static void torture_pki_write_privkey_ed25519(void **state){ ssh_key_free(origkey); ssh_key_free(privkey); } +#endif #ifdef HAVE_ECC static void torture_pki_ecdsa_name(void **state, const char *expected_name) @@ -1595,9 +1622,11 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_RSA, setup_rsa_key, teardown), +#ifdef HAVE_DSA cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_DSA, setup_dsa_key, teardown), +#endif #ifdef HAVE_ECC cmocka_unit_test_setup_teardown(torture_pki_import_privkey_base64_ECDSA, setup_ecdsa_key_256, @@ -1617,9 +1646,11 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_pki_publickey_from_privatekey_RSA, setup_rsa_key, teardown), +#ifdef HAVE_DSA cmocka_unit_test_setup_teardown(torture_pki_pki_publickey_from_privatekey_DSA, setup_dsa_key, teardown), +#endif #ifdef HAVE_ECC cmocka_unit_test_setup_teardown(torture_pki_publickey_from_privatekey_ECDSA, setup_ecdsa_key_256, @@ -1650,6 +1681,7 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_rsa, setup_rsa_key, teardown), +#ifdef HAVE_DSA cmocka_unit_test_setup_teardown(torture_pki_import_cert_file_dsa, setup_dsa_key, teardown), @@ -1658,6 +1690,7 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_publickey_dsa_base64, setup_dsa_key, teardown), +#endif cmocka_unit_test_setup_teardown(torture_pki_publickey_rsa_base64, setup_rsa_key, teardown), @@ -1675,9 +1708,11 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_publickey_ed25519_base64, setup_ed25519_key, teardown), +#ifdef HAVE_DSA cmocka_unit_test_setup_teardown(torture_generate_pubkey_from_privkey_dsa, setup_dsa_key, teardown), +#endif cmocka_unit_test_setup_teardown(torture_generate_pubkey_from_privkey_rsa, setup_rsa_key, teardown), 
@@ -1698,9 +1733,11 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_pki_duplicate_key_rsa, setup_rsa_key, teardown), +#ifdef HAVE_DSA cmocka_unit_test_setup_teardown(torture_pki_duplicate_key_dsa, setup_dsa_key, teardown), +#endif #ifdef HAVE_ECC cmocka_unit_test_setup_teardown(torture_pki_duplicate_key_ecdsa, setup_ecdsa_key_256, @@ -1712,12 +1749,16 @@ int torture_run_tests(void) { setup_ecdsa_key_521, teardown), #endif +#ifdef HAVE_DSA cmocka_unit_test_setup_teardown(torture_pki_duplicate_key_dsa, setup_dsa_key, teardown), +#endif cmocka_unit_test(torture_pki_generate_key_rsa), cmocka_unit_test(torture_pki_generate_key_rsa1), +#ifdef HAVE_DSA cmocka_unit_test(torture_pki_generate_key_dsa), +#endif #ifdef HAVE_ECC cmocka_unit_test(torture_pki_generate_key_ecdsa), #endif @@ -1741,9 +1782,11 @@ int torture_run_tests(void) { teardown), #endif #endif /* HAVE_LIBCRYPTO */ +#ifdef HAVE_DSA cmocka_unit_test_setup_teardown(torture_pki_write_privkey_ed25519, setup_dsa_key, teardown), +#endif #ifdef HAVE_ECC cmocka_unit_test_setup_teardown(torture_pki_ecdsa_name256, |