tests(fido2): add sk-dummy support to the testing infrastructure

Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
Praneeth Sarode
2025-10-23 22:24:39 +05:30
parent 21d338737a
commit 1241a3a8c9
3 changed files with 132 additions and 0 deletions


@@ -30,6 +30,15 @@ if (WITH_GSSAPI AND GSSAPI_FOUND)
OpenSSL::Crypto)
endif (WITH_GSSAPI AND GSSAPI_FOUND)
# Check for sk-dummy library if FIDO2 support is enabled
if (WITH_FIDO2)
find_file(SK_DUMMY_LIBRARY
NAMES sk-dummy.so
PATHS /usr/lib64/sshtest /usr/lib/sshtest
NO_DEFAULT_PATH
)
endif (WITH_FIDO2)
# create test library
add_library(${TORTURE_LIBRARY}
STATIC
@@ -43,6 +52,16 @@ target_link_libraries(${TORTURE_LIBRARY} PRIVATE ${TORTURE_LINK_LIBRARIES})
target_compile_options(${TORTURE_LIBRARY} PRIVATE
-DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
)
# Check for sk-dummy and add HAVE_SK_DUMMY definition if available
if (SK_DUMMY_LIBRARY)
add_library(sk-dummy SHARED IMPORTED)
set_target_properties(sk-dummy PROPERTIES IMPORTED_LOCATION "${SK_DUMMY_LIBRARY}")
target_link_libraries(${TORTURE_LIBRARY} PRIVATE sk-dummy)
target_compile_definitions(${TORTURE_LIBRARY} PUBLIC HAVE_SK_DUMMY)
target_compile_definitions(${TORTURE_LIBRARY} PUBLIC SK_DUMMY_LIBRARY_PATH="${SK_DUMMY_LIBRARY}")
endif()
if (WITH_COVERAGE)
append_coverage_compiler_flags_to_target(${TORTURE_LIBRARY})
endif (WITH_COVERAGE)
@@ -86,6 +105,14 @@ if (CLIENT_TESTING)
ssh::static
${WRAP_SYMBOLS}
)
# Link sk-dummy to torture_shared library if available
if (SK_DUMMY_LIBRARY)
target_link_libraries(${TORTURE_SHARED_LIBRARY} PRIVATE sk-dummy)
target_compile_definitions(${TORTURE_SHARED_LIBRARY} PUBLIC HAVE_SK_DUMMY)
target_compile_definitions(${TORTURE_SHARED_LIBRARY} PUBLIC SK_DUMMY_LIBRARY_PATH="${SK_DUMMY_LIBRARY}")
endif (SK_DUMMY_LIBRARY)
target_compile_options(${TORTURE_SHARED_LIBRARY} PRIVATE
-DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
-DTORTURE_SHARED
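Review bot: The two `if (SK_DUMMY_LIBRARY)` guards (before `if (WITH_COVERAGE)` and inside `if (CLIENT_TESTING)`) do not re-check `WITH_FIDO2`, while `find_file` keeps its result in the CMake cache. A build tree configured once with FIDO2 enabled and later reconfigured with it disabled would presumably still link sk-dummy and define `HAVE_SK_DUMMY`, which then compiles the `sk_dummy_callbacks` table in a build that did not ask for FIDO2. Writing both guards as `if (WITH_FIDO2 AND SK_DUMMY_LIBRARY)` keeps the software authenticator tied to the option that is meant to enable it. A short comment above the `find_file` call, such as `# sk-dummy is a test-only software authenticator; searched only in the fixed sshtest directories`, would also record why `NO_DEFAULT_PATH` is there. The `if (CLIENT_TESTING)` block and the trailing `target_compile_options` call continue outside the hunk.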


@@ -174,3 +174,77 @@ const char *torture_get_sk_pin(void)
const char *pin = getenv("TORTURE_SK_PIN");
return (pin != NULL && pin[0] != '\0') ? pin : NULL;
}
#ifdef HAVE_SK_DUMMY
/* External declarations for sk-dummy library functions
* These match the signatures in openssh sk-api.h */
extern uint32_t sk_api_version(void);
extern int sk_enroll(uint32_t alg,
const uint8_t *challenge,
size_t challenge_len,
const char *application,
uint8_t flags,
const char *pin,
struct sk_option **options,
struct sk_enroll_response **enroll_response);
extern int sk_sign(uint32_t alg,
const uint8_t *data,
size_t data_len,
const char *application,
const uint8_t *key_handle,
size_t key_handle_len,
uint8_t flags,
const char *pin,
struct sk_option **options,
struct sk_sign_response **sign_response);
extern int sk_load_resident_keys(const char *pin,
struct sk_option **options,
struct sk_resident_key ***resident_keys,
size_t *num_keys_found);
static struct ssh_sk_callbacks_struct sk_dummy_callbacks = {
.api_version = sk_api_version,
.enroll = sk_enroll,
.sign = sk_sign,
.load_resident_keys = sk_load_resident_keys,
};
#endif /* HAVE_SK_DUMMY */
#ifdef WITH_FIDO2
const struct ssh_sk_callbacks_struct *torture_get_sk_dummy_callbacks(void)
{
#ifdef HAVE_SK_DUMMY
ssh_callbacks_init(&sk_dummy_callbacks);
return &sk_dummy_callbacks;
#else
return NULL;
#endif /* HAVE_SK_DUMMY */
}
const struct ssh_sk_callbacks_struct *torture_get_sk_callbacks(void)
{
const char *env = getenv("TORTURE_SK_USBHID");
bool torture_sk_usbhid = (env != NULL && env[0] != '\0');
if (torture_sk_usbhid) {
return ssh_sk_get_default_callbacks();
} else {
return torture_get_sk_dummy_callbacks();
}
}
#endif /* WITH_FIDO2 */
bool torture_sk_is_using_sk_dummy(void)
{
const char *env = getenv("TORTURE_SK_USBHID");
/* Return true if using sk-dummy callbacks (when TORTURE_SK_USBHID is NOT
* set) */
return (env == NULL || env[0] == '\0');
}
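Review bot: `torture_sk_is_using_sk_dummy()` returns true whenever `TORTURE_SK_USBHID` is unset, even in a build without `HAVE_SK_DUMMY`, where `torture_get_sk_callbacks()` returns NULL for the same environment. A test that branches on this helper could then assume the software authenticator is active when no callbacks exist at all. Wrapping the existing body in the `#else` branch of `#ifndef HAVE_SK_DUMMY`, with `return false;` in the first branch, keeps the two helpers consistent. The `extern` prototypes are hand-copied from sk-api.h, so a comment such as `/* keep in sync with sk-api.h; the provider's version is checked through sk_api_version() */` would help a maintainer notice drift, assuming that check happens where the callbacks are consumed.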


@@ -30,6 +30,8 @@
#include "torture.h"
#include "libssh/callbacks.h"
/**
* @brief Validate a security key (ssh_key) structure
*
@@ -87,4 +89,33 @@ void assert_sk_resident_key(struct sk_resident_key *resident_key);
*/
const char *torture_get_sk_pin(void);
/**
* @brief Get dummy security key callbacks for testing
*
* Returns dummy security key callbacks from openssh's sk-dummy
* if available, or NULL if not.
*
* @return Pointer to ssh_sk_callbacks_struct or NULL if unavailable.
*
*/
const struct ssh_sk_callbacks_struct *torture_get_sk_dummy_callbacks(void);
/**
* @brief Get security key callbacks for testing
*
* Returns the default sk callbacks if TORTURE_SK_USBHID is set,
* otherwise returns dummy callbacks from openssh sk-dummy, or NULL if
* unavailable.
*
* @return Pointer to ssh_sk_callbacks_struct or NULL if unavailable
*/
const struct ssh_sk_callbacks_struct *torture_get_sk_callbacks(void);
/**
* @brief Check if using sk-dummy callbacks for testing
*
* @return true if using sk-dummy callbacks, false otherwise
*/
bool torture_sk_is_using_sk_dummy(void);
#endif /* _TORTURE_SK_H */
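Review bot: The declarations of `torture_get_sk_dummy_callbacks()` and `torture_get_sk_callbacks()` appear here without a `WITH_FIDO2` guard, while their definitions in the .c file sit inside `#ifdef WITH_FIDO2`. Unless the header is guarded in a part not shown in these hunks, a caller built without FIDO2 fails at link time rather than at compile time. Wrapping the two prototypes in `#ifdef WITH_FIDO2` ... `#endif /* WITH_FIDO2 */` would match the implementation. The doc block for `torture_get_sk_callbacks()` could also say that callers must check for NULL and skip the test, and that the returned pointer refers to a shared static table initialised on each call.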