tests: Authentication with Ed25519 pkcs11 key

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Jakub Jelen
2026-01-09 16:30:42 +01:00
parent a983142a07
commit 18ec01c980
3 changed files with 26 additions and 1 deletions


@@ -419,6 +419,9 @@ if (CLIENT_TESTING OR SERVER_TESTING)
file(READ keys/pkcs11/id_pkcs11_ecdsa_521_openssh.pub CONTENTS) file(READ keys/pkcs11/id_pkcs11_ecdsa_521_openssh.pub CONTENTS)
file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys "${CONTENTS}") file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys "${CONTENTS}")
file(READ keys/pkcs11/id_pkcs11_ed25519_openssh.pub CONTENTS)
file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys "${CONTENTS}")
# Copy the signed key to an doe's homedir. # Copy the signed key to an doe's homedir.
file(COPY keys/certauth/id_rsa DESTINATION file(COPY keys/certauth/id_rsa DESTINATION
${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) ${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
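Review bot: The added `file(READ ...)`/`file(APPEND ...)` pair puts the Ed25519 public key into charlie's authorized_keys in every configuration, although the only test that authenticates with it is compiled under `WITH_PKCS11_PROVIDER` and skipped in FIPS mode. Keeping the authorized set to keys a test actually uses makes an unexpected successful login easier to notice. If `WITH_PKCS11_PROVIDER` is also available as a CMake option at this point (this page shows it only as a C macro), wrap the pair in `if (WITH_PKCS11_PROVIDER)` and `endif()`; otherwise a comment such as `# Ed25519 key is only exercised with the pkcs11 provider, outside FIPS mode` would record the intent. The enclosing `if (CLIENT_TESTING OR SERVER_TESTING)` block starts and ends outside the hunk.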


@@ -35,10 +35,11 @@
/* agent_is_running */ /* agent_is_running */
#include "agent.c" #include "agent.c"
#define LIBSSH_RSA_TESTKEY "id_pkcs11_rsa" #define LIBSSH_RSA_TESTKEY "id_pkcs11_rsa"
#define LIBSSH_ECDSA_256_TESTKEY "id_pkcs11_ecdsa_256" #define LIBSSH_ECDSA_256_TESTKEY "id_pkcs11_ecdsa_256"
#define LIBSSH_ECDSA_384_TESTKEY "id_pkcs11_ecdsa_384" #define LIBSSH_ECDSA_384_TESTKEY "id_pkcs11_ecdsa_384"
#define LIBSSH_ECDSA_521_TESTKEY "id_pkcs11_ecdsa_521" #define LIBSSH_ECDSA_521_TESTKEY "id_pkcs11_ecdsa_521"
#define LIBSSH_ED25519_TESTKEY "id_pkcs11_ed25519"
const char template[] = "/tmp/temp_dir_XXXXXX"; const char template[] = "/tmp/temp_dir_XXXXXX";
@@ -142,6 +143,9 @@ static int setup_pkcs11(void **state)
setup_tokens(state, LIBSSH_ECDSA_256_TESTKEY, "ecdsa256"); setup_tokens(state, LIBSSH_ECDSA_256_TESTKEY, "ecdsa256");
setup_tokens(state, LIBSSH_ECDSA_384_TESTKEY, "ecdsa384"); setup_tokens(state, LIBSSH_ECDSA_384_TESTKEY, "ecdsa384");
setup_tokens(state, LIBSSH_ECDSA_521_TESTKEY, "ecdsa521"); setup_tokens(state, LIBSSH_ECDSA_521_TESTKEY, "ecdsa521");
if (!ssh_fips_mode()) {
setup_tokens(state, LIBSSH_ED25519_TESTKEY, "ed25519");
}
return 0; return 0;
} }
@@ -238,6 +242,18 @@ static void torture_auth_autopubkey_ecdsa_key_521(void **state)
torture_auth_autopubkey(state, "ecdsa521", "1234"); torture_auth_autopubkey(state, "ecdsa521", "1234");
} }
#ifdef WITH_PKCS11_PROVIDER
static void torture_auth_autopubkey_ed25519(void **state)
{
/* The Ed25519 keys are not supported in FIPS mode */
if (ssh_fips_mode()) {
skip();
}
torture_auth_autopubkey(state, "ed25519", "1234");
}
#endif /* WITH_PKCS11_PROVIDER */
int torture_run_tests(void) int torture_run_tests(void)
{ {
int rc; int rc;
@@ -254,6 +270,11 @@ int torture_run_tests(void)
cmocka_unit_test_setup_teardown(torture_auth_autopubkey_ecdsa_key_521, cmocka_unit_test_setup_teardown(torture_auth_autopubkey_ecdsa_key_521,
session_setup, session_setup,
session_teardown), session_teardown),
#ifdef WITH_PKCS11_PROVIDER
cmocka_unit_test_setup_teardown(torture_auth_autopubkey_ed25519,
session_setup,
session_teardown),
#endif /* WITH_PKCS11_PROVIDER */
}; };
/* Do not use system openssl.cnf for the pkcs11 uri tests. /* Do not use system openssl.cnf for the pkcs11 uri tests.
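Review bot: The `setup_tokens(state, LIBSSH_ED25519_TESTKEY, "ed25519");` call added to setup_pkcs11 is gated only on `!ssh_fips_mode()`, while the test that consumes the token and its registration are both inside `#ifdef WITH_PKCS11_PROVIDER`. In a build without the provider the Ed25519 token is still provisioned for a test that is not compiled, and if token setup cannot import an Ed25519 key in that configuration (not visible here) the shared setup could fail instead of one test being skipped. Putting `#ifdef WITH_PKCS11_PROVIDER` before the `if` and `#endif /* WITH_PKCS11_PROVIDER */` after its closing brace keeps setup and test in step. setup_pkcs11 and torture_run_tests both extend outside the hunks shown.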


@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1aDCZfQOPArIsxnS8uMipbQtjM/FD77+hpkyo9i95W