tests(fido2): add sk-dummy support to the testing infrastructure

Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
2026-02-10 18:28:10 +09:00 · 2025-10-23 22:24:39 +05:30
parent 21d338737a
commit 1241a3a8c9
3 changed files with 132 additions and 0 deletions
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -30,6 +30,15 @@ if (WITH_GSSAPI AND GSSAPI_FOUND)
        OpenSSL::Crypto)
 endif (WITH_GSSAPI AND GSSAPI_FOUND)
 # Check for sk-dummy library if FIDO2 support is enabled
 if (WITH_FIDO2)
    find_file(SK_DUMMY_LIBRARY
        NAMES sk-dummy.so
        PATHS /usr/lib64/sshtest /usr/lib/sshtest
        NO_DEFAULT_PATH
    )
 endif (WITH_FIDO2)
 # create test library
 add_library(${TORTURE_LIBRARY}
            STATIC
@@ -43,6 +52,16 @@ target_link_libraries(${TORTURE_LIBRARY} PRIVATE ${TORTURE_LINK_LIBRARIES})
 target_compile_options(${TORTURE_LIBRARY} PRIVATE
                       -DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
 )
 # Check for sk-dummy and add HAVE_SK_DUMMY definition if available
 if (SK_DUMMY_LIBRARY)
    add_library(sk-dummy SHARED IMPORTED)
    set_target_properties(sk-dummy PROPERTIES IMPORTED_LOCATION "${SK_DUMMY_LIBRARY}")
    target_link_libraries(${TORTURE_LIBRARY} PRIVATE sk-dummy)
    target_compile_definitions(${TORTURE_LIBRARY} PUBLIC HAVE_SK_DUMMY)
    target_compile_definitions(${TORTURE_LIBRARY} PUBLIC SK_DUMMY_LIBRARY_PATH="${SK_DUMMY_LIBRARY}")
 endif()
 if (WITH_COVERAGE)
    append_coverage_compiler_flags_to_target(${TORTURE_LIBRARY})
 endif (WITH_COVERAGE)
@@ -86,6 +105,14 @@ if (CLIENT_TESTING)
                          ssh::static
                          ${WRAP_SYMBOLS}
                         )
    # Link sk-dummy to torture_shared library if available
    if (SK_DUMMY_LIBRARY)
        target_link_libraries(${TORTURE_SHARED_LIBRARY} PRIVATE sk-dummy)
        target_compile_definitions(${TORTURE_SHARED_LIBRARY} PUBLIC HAVE_SK_DUMMY)
        target_compile_definitions(${TORTURE_SHARED_LIBRARY} PUBLIC SK_DUMMY_LIBRARY_PATH="${SK_DUMMY_LIBRARY}")
    endif (SK_DUMMY_LIBRARY)
    target_compile_options(${TORTURE_SHARED_LIBRARY} PRIVATE
                           -DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
                           -DTORTURE_SHARED
--- a/tests/torture_sk.c
+++ b/tests/torture_sk.c
@@ -174,3 +174,77 @@ const char *torture_get_sk_pin(void)
    const char *pin = getenv("TORTURE_SK_PIN");
    return (pin != NULL && pin[0] != '\0') ? pin : NULL;
 }
 #ifdef HAVE_SK_DUMMY
 /* External declarations for sk-dummy library functions
 * These match the signatures in openssh sk-api.h */
 extern uint32_t sk_api_version(void);
 extern int sk_enroll(uint32_t alg,
                     const uint8_t *challenge,
                     size_t challenge_len,
                     const char *application,
                     uint8_t flags,
                     const char *pin,
                     struct sk_option **options,
                     struct sk_enroll_response **enroll_response);
 extern int sk_sign(uint32_t alg,
                   const uint8_t *data,
                   size_t data_len,
                   const char *application,
                   const uint8_t *key_handle,
                   size_t key_handle_len,
                   uint8_t flags,
                   const char *pin,
                   struct sk_option **options,
                   struct sk_sign_response **sign_response);
 extern int sk_load_resident_keys(const char *pin,
                                 struct sk_option **options,
                                 struct sk_resident_key ***resident_keys,
                                 size_t *num_keys_found);
 static struct ssh_sk_callbacks_struct sk_dummy_callbacks = {
    .api_version = sk_api_version,
    .enroll = sk_enroll,
    .sign = sk_sign,
    .load_resident_keys = sk_load_resident_keys,
 };
 #endif /* HAVE_SK_DUMMY */
 #ifdef WITH_FIDO2
 const struct ssh_sk_callbacks_struct *torture_get_sk_dummy_callbacks(void)
 {
 #ifdef HAVE_SK_DUMMY
    ssh_callbacks_init(&sk_dummy_callbacks);
    return &sk_dummy_callbacks;
 #else
    return NULL;
 #endif /* HAVE_SK_DUMMY */
 }
 const struct ssh_sk_callbacks_struct *torture_get_sk_callbacks(void)
 {
    const char *env = getenv("TORTURE_SK_USBHID");
    bool torture_sk_usbhid = (env != NULL && env[0] != '\0');
    if (torture_sk_usbhid) {
        return ssh_sk_get_default_callbacks();
    } else {
        return torture_get_sk_dummy_callbacks();
    }
 }
 #endif /* WITH_FIDO2 */
 bool torture_sk_is_using_sk_dummy(void)
 {
    const char *env = getenv("TORTURE_SK_USBHID");
    /* Return true if using sk-dummy callbacks (when TORTURE_SK_USBHID is NOT
     * set) */
    return (env == NULL || env[0] == '\0');
 }
--- a/tests/torture_sk.h
+++ b/tests/torture_sk.h
@@ -30,6 +30,8 @@
 #include "torture.h"
 #include "libssh/callbacks.h"
 /**
 * @brief Validate a security key (ssh_key) structure
 *
@@ -87,4 +89,33 @@ void assert_sk_resident_key(struct sk_resident_key *resident_key);
 */
 const char *torture_get_sk_pin(void);
 /**
 * @brief Get dummy security key callbacks for testing
 *
 * Returns dummy security key callbacks from openssh's sk-dummy
 * if available, or NULL if not.
 *
 * @return Pointer to ssh_sk_callbacks_struct or NULL if unavailable.
 *
 */
 const struct ssh_sk_callbacks_struct *torture_get_sk_dummy_callbacks(void);
 /**
 * @brief Get security key callbacks for testing
 *
 * Returns the default sk callbacks if TORTURE_SK_USBHID is set,
 * otherwise returns dummy callbacks from openssh sk-dummy, or NULL if
 * unavailable.
 *
 * @return Pointer to ssh_sk_callbacks_struct or NULL if unavailable
 */
 const struct ssh_sk_callbacks_struct *torture_get_sk_callbacks(void);
 /**
 * @brief Check if using sk-dummy callbacks for testing
 *
 * @return true if using sk-dummy callbacks, false otherwise
 */
 bool torture_sk_is_using_sk_dummy(void);
 #endif /* _TORTURE_SK_H */