path: root/tests
Age | Commit message | Author | Files | Lines
2019-03-07 | Use a common KDF function | Simo Sorce | 1 | -1/+1
Cleanup the KDF function to use only one function per crypto backend. Improve the KDF function to properly handle requested length and to avoid unnecessarily reallocating buffers. In OpenSSL use the new EVP_KDF API if available. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-03-07 | Add unit test for fn that generates session keys | Simo Sorce | 2 | -0/+98
Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-22 | Add tests and implementation for Encrypt-then-MAC mode | Dirkjan Bussink | 5 | -38/+350
This adds the OpenSSH HMACs that do encrypt then mac. This is a more secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and AES-GCM are already encrypt-then-mac, but this also adds it for older legacy clients that don't support those ciphers yet. Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-22 | Select ciphers for MAC tests that need a MAC | Dirkjan Bussink | 1 | -1/+1
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com> Reviewed-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-21 | buffer: Fix regression introduced by 6c7eaa and c306a6 | Tilo Eckert | 2 | -6/+2
Buffer (un)packing was broken on compilers that are not gcc-compatible since the checks for an argument count of -1 have been removed from ssh_buffer_(un)pack(). This fix no longer uses GCC extensions for the __VA_NARG__ macro, but only plain C99. Note: The macro can no longer count empty argument lists (results in compile error) which was not needed anyway. Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2019-02-07 | cmake: fix build problem on ubuntu 18.04 | Aris Adamantiadis | 1 | -2/+2
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
2019-02-07 | tests/pkd: repro rsa-sha2-{256,512} negotiation bug | Jon Simons | 2 | -6/+17
Add four passes to the pkd tests to exercise codepaths where an OpenSSH client requests these HostKeyAlgorithms combinations:
* rsa-sha2-256
* rsa-sha2-512
* rsa-sha2-256,rsa-sha2-512
* rsa-sha2-512,rsa-sha2-256
The tests demonstrate that the third combination currently fails: libssh ends up choosing `rsa-sha2-512` instead of `rsa-sha2-256`, and the initial exchange fails on the client side citing a signature failure. Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 | Allow building without Group Exchange support | Jakub Jelen | 3 | -61/+52
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 | kex: Disable diffie-hellman-group-exchange-sha1 by default | Jakub Jelen | 2 | -23/+50
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 | tests: Fix error message | Jakub Jelen | 1 | -1/+1
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-02-07 | tests: Don't talk to ssh-agent in server authentication tests | Jakub Jelen | 1 | -0/+3
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 | tests: Initialize ssh_cipher_struct in torture_crypto_aes256_cbc() | Andreas Schneider | 1 | -8/+20
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 | tests: Add NULL checks in pki tests | Anderson Toshiyuki Sasaki | 5 | -7/+96
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 | tests: Prefer assert_non_null() over assert_false() | Anderson Toshiyuki Sasaki | 5 | -8/+8
This also replaces some occurrences of assert_true() with assert_null() Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 | tests: Added NULL checks in torture_list.c | Anderson Toshiyuki Sasaki | 1 | -0/+31
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-26 | tests: Prefer assert_non_null over assert_true | Anderson Toshiyuki Sasaki | 14 | -88/+87
This also replaces some occurrences of assert_true with assert_null. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | tests: Extend negative test cases for config Match keyword | Jakub Jelen | 2 | -2/+102
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | tests: Use assert_ssh_return_code() in config test | Jakub Jelen | 1 | -7/+7
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | pkd: dh-group-exchange testcases | Aris Adamantiadis | 1 | -4/+27
2019-01-24 | tests: Added moduli file parsing tests | Aris Adamantiadis | 2 | -0/+121
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-24 | tests: Add dh-group-exchange algorithm tests | Aris Adamantiadis | 2 | -1/+28
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 | tests: Add test for server interactive authentication | Anderson Toshiyuki Sasaki | 2 | -0/+764
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-01-22 | tests: Add test for server auth method none | Anderson Toshiyuki Sasaki | 1 | -0/+33
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 | tests: Test server pubkey authentication | Anderson Toshiyuki Sasaki | 3 | -6/+86
The default pubkey authentication callback is not checking anything. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 | tests: Added functions to get the default callbacks | Anderson Toshiyuki Sasaki | 2 | -33/+111
This makes it easier to create test cases using callbacks based on the default callbacks (e.g. using the default callbacks but replacing one specific callback). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 | tests: Provide the server state to callbacks | Anderson Toshiyuki Sasaki | 2 | -0/+11
This aims to make it easier to implement custom callbacks. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 | tests: Reproducer for cockpit issue, where server provides an invalid signature | Jakub Jelen | 1 | -0/+80
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-22 | tests: Check return values | Jakub Jelen | 1 | -2/+4
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2019-01-22 | tests: Initialize allocated memory | Jakub Jelen | 1 | -2/+2
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2019-01-22 | tests: Added test server | Anderson Toshiyuki Sasaki | 9 | -0/+2440
The server can be configured through command line options or by providing a state structure with the desired values set. Currently supports only password based authentication. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2019-01-22 | tests: Fix uninitialized warning in torture_threads_pki_rsa | Andreas Schneider | 1 | -8/+8
Error: CLANG_WARNING: tests/unittests/torture_threads_pki_rsa.c:520:5: warning: 1st function call argument is an uninitialized value Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11 | tests: Refactor test so that all RSA + hash combinations are tested | Tilo Eckert | 1 | -64/+58
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11 | tests: Fix incorrect hash type parameter on signature import | Tilo Eckert | 1 | -3/+8
RSA with SHA-256/512 signatures have been interpreted as RSA with SHA-1 Signed-off-by: Tilo Eckert <tilo.eckert@flam.de> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-11 | tests: Refactor the sftp initialization to avoid invalid memory access on sftp failures | Jakub Jelen | 1 | -49/+57
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | kex: List also the SHA2 extension when ordering hostkey algorithms | Jakub Jelen | 1 | -4/+6
By default, the list of already stored known host types is preferred, but this selection so far ignored the SHA2 extension and excluded these keys in the KEXINIT list leading to not using this extension if not explicitly enabled from configuration. This commit extends the default list with the SHA2 signatures algorithms and compares only base types so they can be listed in the KEXINIT list. This adjusts the tests to expect the full list of algorithms to pass. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | tests: Verify rekeying initialized by the server works | Jakub Jelen | 1 | -0/+138
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | tests: Allow to modify sshd config from the test | Jakub Jelen | 2 | -19/+112
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | tests: Verify that rekey limits are effective from the client side | Jakub Jelen | 2 | -0/+386
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com>
2019-01-09 | packet: Provide a function to switch crypto in separate directions | Jakub Jelen | 1 | -0/+1
This also fixes the test using the crypto directly Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | tests: Verify we can parse RekeyLimit configuration option | Jakub Jelen | 1 | -0/+98
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | tests: Allow to generate unencrypted PCAP files from testsuite | Jakub Jelen | 11 | -13/+51
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | tests: Reproducer for T122 | Jakub Jelen | 1 | -0/+7
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-01-09 | tests: Do not run SSHD with PAM when not needed | Jakub Jelen | 18 | -23/+36
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-19 | crypto: Disable blowfish support by default | Andreas Schneider | 1 | -0/+4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2018-12-10 | tests: Do not segfault when built without ZLIB | Jakub Jelen | 1 | -0/+5
Signed-off-by: Jakub Jelen <jakuje@gmail.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 | tests: Verify we can parse the ProxyJump configuration option | Jakub Jelen | 1 | -0/+235
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 | tests: Verify ProxyCommand works with ssh | Jakub Jelen | 1 | -0/+25
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 | tests: Use torture_server_address() in proxycommand test | Jakub Jelen | 1 | -2/+9
Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 | tests: Verify all the options are copied over | Jakub Jelen | 1 | -0/+109
The ssh_options_copy() function was missing several options that were added in recent years. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-12-10 | packet: Allow SSH2_MSG_EXT_INFO when authenticated | Anderson Toshiyuki Sasaki | 1 | -0/+31
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO. This message was being filtered out by the packet filtering. This includes a test to enforce the filtering rules for this packet type. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>