tests: Adjust for FIPS and simplify initialization

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Jakub Jelen
2019-05-29 20:08:34 +02:00
committed by Andreas Schneider
parent 8c59f7f236
commit 20e58be7d8


@@ -419,16 +419,11 @@ static int try_config_content(void **state, const char *config_content,
return 0; return 0;
} }
static void torture_server_config_hostkey(void **state) static char *hostkey_files[6] = {0};
static size_t setup_hostkey_files(struct test_server_st *tss)
{ {
struct test_server_st *tss = *state; size_t num_hostkey_files = 5;
char *hostkey_files[6];
size_t i, num_hostkey_files = 5;
char config_content[4096];
int rc;
assert_non_null(tss);
hostkey_files[0] = tss->ed25519_hostkey; hostkey_files[0] = tss->ed25519_hostkey;
hostkey_files[1] = tss->rsa_hostkey; hostkey_files[1] = tss->rsa_hostkey;
@@ -440,7 +435,25 @@ static void torture_server_config_hostkey(void **state)
num_hostkey_files = 6; num_hostkey_files = 6;
#endif #endif
return num_hostkey_files;
}
static void torture_server_config_hostkey(void **state)
{
struct test_server_st *tss = *state;
size_t i, num_hostkey_files;
char config_content[4096];
int rc;
assert_non_null(tss);
num_hostkey_files = setup_hostkey_files(tss);
for (i = 0; i < num_hostkey_files; i++) { for (i = 0; i < num_hostkey_files; i++) {
if (ssh_fips_mode() && (i == 0 || i == 5)) {
continue;
}
snprintf(config_content, snprintf(config_content,
sizeof(config_content), sizeof(config_content),
"HostKey %s\n", "HostKey %s\n",
@@ -457,7 +470,6 @@ static void torture_server_config_hostkey(void **state)
static void torture_server_config_ciphers(void **state) static void torture_server_config_ciphers(void **state)
{ {
struct test_server_st *tss = *state; struct test_server_st *tss = *state;
char *hostkey_files[6];
size_t i, j, num_hostkey_files = 1; size_t i, j, num_hostkey_files = 1;
char config_content[4096]; char config_content[4096];
@@ -469,18 +481,7 @@ static void torture_server_config_ciphers(void **state)
assert_non_null(tss); assert_non_null(tss);
hostkey_files[0] = tss->ed25519_hostkey; num_hostkey_files = setup_hostkey_files(tss);
#ifdef TEST_ALL_CRYPTO_COMBINATIONS
hostkey_files[1] = tss->rsa_hostkey;
hostkey_files[2] = tss->ecdsa_256_hostkey;
hostkey_files[3] = tss->ecdsa_384_hostkey;
hostkey_files[4] = tss->ecdsa_521_hostkey;
num_hostkey_files = 5;
#ifdef HAVE_DSA
hostkey_files[5] = tss->dsa_hostkey;
num_hostkey_files = 6;
#endif
#endif
ciphers = ssh_kex_get_default_methods(SSH_CRYPT_S_C); ciphers = ssh_kex_get_default_methods(SSH_CRYPT_S_C);
assert_non_null(ciphers); assert_non_null(ciphers);
@@ -489,6 +490,14 @@ static void torture_server_config_ciphers(void **state)
assert_non_null(tokens); assert_non_null(tokens);
for (i = 0; i < num_hostkey_files; i++) { for (i = 0; i < num_hostkey_files; i++) {
if (ssh_fips_mode() && (i == 0 || i == 5)) {
continue;
}
#ifndef TEST_ALL_CRYPTO_COMBINATIONS
if (i > 1) {
continue;
}
#endif
/* Try setting all default algorithms */ /* Try setting all default algorithms */
snprintf(config_content, snprintf(config_content,
sizeof(config_content), sizeof(config_content),
@@ -525,7 +534,6 @@ static void torture_server_config_ciphers(void **state)
static void torture_server_config_macs(void **state) static void torture_server_config_macs(void **state)
{ {
struct test_server_st *tss = *state; struct test_server_st *tss = *state;
char *hostkey_files[6];
size_t i, j, num_hostkey_files = 1; size_t i, j, num_hostkey_files = 1;
char config_content[4096]; char config_content[4096];
@@ -537,18 +545,7 @@ static void torture_server_config_macs(void **state)
assert_non_null(tss); assert_non_null(tss);
hostkey_files[0] = tss->ed25519_hostkey; num_hostkey_files = setup_hostkey_files(tss);
#ifdef TEST_ALL_CRYPTO_COMBINATIONS
hostkey_files[1] = tss->rsa_hostkey;
hostkey_files[2] = tss->ecdsa_256_hostkey;
hostkey_files[3] = tss->ecdsa_384_hostkey;
hostkey_files[4] = tss->ecdsa_521_hostkey;
num_hostkey_files = 5;
#ifdef HAVE_DSA
hostkey_files[5] = tss->dsa_hostkey;
num_hostkey_files = 6;
#endif
#endif
macs = ssh_kex_get_default_methods(SSH_MAC_S_C); macs = ssh_kex_get_default_methods(SSH_MAC_S_C);
assert_non_null(macs); assert_non_null(macs);
@@ -557,6 +554,14 @@ static void torture_server_config_macs(void **state)
assert_non_null(tokens); assert_non_null(tokens);
for (i = 0; i < num_hostkey_files; i++) { for (i = 0; i < num_hostkey_files; i++) {
if (ssh_fips_mode() && (i == 0 || i == 5)) {
continue;
}
#ifndef TEST_ALL_CRYPTO_COMBINATIONS
if (i > 1) {
continue;
}
#endif
/* Try setting all default algorithms */ /* Try setting all default algorithms */
snprintf(config_content, snprintf(config_content,
sizeof(config_content), sizeof(config_content),
@@ -593,7 +598,6 @@ static void torture_server_config_macs(void **state)
static void torture_server_config_kex(void **state) static void torture_server_config_kex(void **state)
{ {
struct test_server_st *tss = *state; struct test_server_st *tss = *state;
char *hostkey_files[6];
size_t i, j, num_hostkey_files = 1; size_t i, j, num_hostkey_files = 1;
char config_content[4096]; char config_content[4096];
@@ -605,18 +609,7 @@ static void torture_server_config_kex(void **state)
assert_non_null(tss); assert_non_null(tss);
hostkey_files[0] = tss->ed25519_hostkey; num_hostkey_files = setup_hostkey_files(tss);
#ifdef TEST_ALL_CRYPTO_COMBINATIONS
hostkey_files[1] = tss->rsa_hostkey;
hostkey_files[2] = tss->ecdsa_256_hostkey;
hostkey_files[3] = tss->ecdsa_384_hostkey;
hostkey_files[4] = tss->ecdsa_521_hostkey;
num_hostkey_files = 5;
#ifdef HAVE_DSA
hostkey_files[5] = tss->dsa_hostkey;
num_hostkey_files = 6;
#endif
#endif
kex = ssh_kex_get_default_methods(SSH_KEX); kex = ssh_kex_get_default_methods(SSH_KEX);
assert_non_null(kex); assert_non_null(kex);
@@ -625,6 +618,14 @@ static void torture_server_config_kex(void **state)
assert_non_null(tokens); assert_non_null(tokens);
for (i = 0; i < num_hostkey_files; i++) { for (i = 0; i < num_hostkey_files; i++) {
if (ssh_fips_mode() && (i == 0 || i == 5)) {
continue;
}
#ifndef TEST_ALL_CRYPTO_COMBINATIONS
if (i > 1) {
continue;
}
#endif
/* Try setting all default algorithms */ /* Try setting all default algorithms */
snprintf(config_content, snprintf(config_content,
sizeof(config_content), sizeof(config_content),
@@ -661,7 +662,6 @@ static void torture_server_config_kex(void **state)
static void torture_server_config_hostkey_algorithms(void **state) static void torture_server_config_hostkey_algorithms(void **state)
{ {
struct test_server_st *tss = *state; struct test_server_st *tss = *state;
char *hostkey_files[6];
size_t i, num_hostkey_files = 5; size_t i, num_hostkey_files = 5;
char config_content[4096]; char config_content[4096];
@@ -671,20 +671,15 @@ static void torture_server_config_hostkey_algorithms(void **state)
assert_non_null(tss); assert_non_null(tss);
hostkey_files[0] = tss->ed25519_hostkey; num_hostkey_files = setup_hostkey_files(tss);
hostkey_files[1] = tss->rsa_hostkey;
hostkey_files[2] = tss->ecdsa_256_hostkey;
hostkey_files[3] = tss->ecdsa_384_hostkey;
hostkey_files[4] = tss->ecdsa_521_hostkey;
#ifdef HAVE_DSA
hostkey_files[5] = tss->dsa_hostkey;
num_hostkey_files = 6;
#endif
allowed = ssh_kex_get_default_methods(SSH_HOSTKEYS); allowed = ssh_kex_get_default_methods(SSH_HOSTKEYS);
assert_non_null(allowed); assert_non_null(allowed);
for (i = 0; i < num_hostkey_files; i++) { for (i = 0; i < num_hostkey_files; i++) {
if (ssh_fips_mode() && (i == 0 || i == 5)) {
continue;
}
/* Should work with all allowed */ /* Should work with all allowed */
snprintf(config_content, snprintf(config_content,
sizeof(config_content), sizeof(config_content),
@@ -700,29 +695,31 @@ static void torture_server_config_hostkey_algorithms(void **state)
/* Should work with matching hostkey and allowed algorithm */ /* Should work with matching hostkey and allowed algorithm */
/* ed25519 */ if (!ssh_fips_mode()) {
snprintf(config_content, /* ed25519 */
sizeof(config_content), snprintf(config_content,
"HostKey %s\nHostkeyAlgorithms %s\n", sizeof(config_content),
tss->ed25519_hostkey, "ssh-ed25519"); "HostKey %s\nHostkeyAlgorithms %s\n",
tss->ed25519_hostkey, "ssh-ed25519");
rc = try_config_content(state, config_content, true); rc = try_config_content(state, config_content, true);
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
rc = try_config_content(state, config_content, false); rc = try_config_content(state, config_content, false);
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
/* ssh-rsa */ /* ssh-rsa */
snprintf(config_content, snprintf(config_content,
sizeof(config_content), sizeof(config_content),
"HostKey %s\nHostkeyAlgorithms %s\n", "HostKey %s\nHostkeyAlgorithms %s\n",
tss->rsa_hostkey, "ssh-rsa"); tss->rsa_hostkey, "ssh-rsa");
rc = try_config_content(state, config_content, true); rc = try_config_content(state, config_content, true);
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
rc = try_config_content(state, config_content, false); rc = try_config_content(state, config_content, false);
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
}
/* rsa-sha2-256 */ /* rsa-sha2-256 */
snprintf(config_content, snprintf(config_content,
@@ -785,17 +782,19 @@ static void torture_server_config_hostkey_algorithms(void **state)
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
#ifdef HAVE_DSA #ifdef HAVE_DSA
/* ecdsa-sha2-nistp256 */ if (!ssh_fips_mode()) {
snprintf(config_content, /* ssh-dss */
sizeof(config_content), snprintf(config_content,
"HostKey %s\nHostkeyAlgorithms %s\n", sizeof(config_content),
tss->dsa_hostkey, "ssh-dss"); "HostKey %s\nHostkeyAlgorithms %s\n",
tss->dsa_hostkey, "ssh-dss");
rc = try_config_content(state, config_content, true); rc = try_config_content(state, config_content, true);
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
rc = try_config_content(state, config_content, false); rc = try_config_content(state, config_content, false);
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
}
#endif #endif
} }
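Review bot: The FIPS skip `if (ssh_fips_mode() && (i == 0 || i == 5))` relies on bare array positions. The same literal test is repeated in the loops of torture_server_config_hostkey, _ciphers, _macs, _kex and _hostkey_algorithms, and is tied to the assignment order inside `setup_hostkey_files()`. Slot 0 is visibly the ed25519 key; slot 5 is presumably the DSA key, as in the removed per-test code, but the middle of the helper lies outside the hunks shown. If that order changes, the loops would silently skip an approved key and exercise a non-approved one, so naming the slots next to the array would keep them in sync: `enum { HOSTKEY_ED25519 = 0, HOSTKEY_DSA = 5 };` and `if (ssh_fips_mode() && (i == HOSTKEY_ED25519 || i == HOSTKEY_DSA)) continue;`. The skipped keys are also dropped rather than checked: if the server is expected to refuse them in FIPS mode, asserting that refusal would keep the coverage, though what `try_config_content()` returns in that case is not visible here.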