From c8c3d418ee76b5a20708fbcf02ecda4fdd5070cf Mon Sep 17 00:00:00 2001
From: abdallah elhdad
Date: Sat, 5 Jul 2025 12:07:23 +0300
Subject: [PATCH] Enable HMAC SHA1 tests for dropbear <2025.87
Signed-off-by: abdallah elhdad
Reviewed-by: Jakub Jelen
(cherry picked from commit c17112f07015161a62e0ad91ca4016d1ad74781d)
---
 tests/CMakeLists.txt | 16 ++++++++++++++++
 tests/pkd/pkd_client.h | 2 +-
 tests/pkd/pkd_hello.c | 22 ++++++++++++++--------
 tests/tests_config.h.cmake | 1 +
 4 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 72354253..b9eec6af 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -163,6 +163,22 @@ if (SSH_EXECUTABLE)
 endif()
+find_program(DROPBEAR_EXECUTABLE NAMES dbclient)
+if (DROPBEAR_EXECUTABLE)
+ execute_process(COMMAND ${DROPBEAR_EXECUTABLE} -V ERROR_VARIABLE DROPBEAR_VERSION_STR)
+ string(REGEX REPLACE "^.*Dropbear v([0-9]+)\\.([0-9]+).*$" "\\1.\\2" DROPBEAR_VERSION "${DROPBEAR_VERSION_STR}")
+ set(DROPBEAR_VERSION "${DROPBEAR_VERSION}")
+
+ # HMAC-SHA1 support was removed in version 2025.87
+ if("${DROPBEAR_VERSION}" VERSION_LESS "2025.87")
+ message("Dropbear Version less than 2025.87, enabling dropbear HMAC-SHA1 tests")
+ add_definitions(-DDROPBEAR_SUPPORTS_HMAC_SHA1)
+ endif()
+else()
+ message(STATUS "Could NOT find Dropbear (missing: dbclient executable)")
+ set(DROPBEAR_EXECUTABLE "/bin/false")
+endif()
+
 find_program(SSHD_EXECUTABLE NAME sshd
diff --git a/tests/pkd/pkd_client.h b/tests/pkd/pkd_client.h
index de42098b..aa65593f 100644
--- a/tests/pkd/pkd_client.h
+++ b/tests/pkd/pkd_client.h
@@ -61,7 +61,7 @@
 /* Dropbear */
-#define DROPBEAR_BINARY "dbclient"
+#define DROPBEAR_BINARY DROPBEAR_EXECUTABLE
 #define DROPBEAR_KEYGEN "dropbearkey"
 #define DROPBEAR_CMD_START \
diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c
index a6d74505..cc70683c 100644
--- a/tests/pkd/pkd_hello.c
+++ b/tests/pkd/pkd_hello.c
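Review bot: In the tests/CMakeLists.txt hunk a failed version parse ends up enabling the HMAC-SHA1 tests, because `string(REGEX REPLACE ...)` returns its input unchanged when the pattern does not match and an empty or non-numeric `DROPBEAR_VERSION` compares as less than `2025.87` under `VERSION_LESS`. That is the result whenever `dbclient -V` prints its banner to stdout (only `ERROR_VARIABLE` is captured), prints a different banner, or fails to run. Matching the banner explicitly and leaving the definition unset on a miss keeps hmac-sha1 out of the run unless the client version is actually known. The `set(DROPBEAR_VERSION "${DROPBEAR_VERSION}")` line is a no-op and can be dropped, and the bare `message(...)` should be `message(STATUS ...)` like the one in the `else()` branch. A version probe also cannot see build-time options, so an older dbclient built without SHA1 MACs would presumably still fail these tests.

```cmake
    execute_process(COMMAND ${DROPBEAR_EXECUTABLE} -V ERROR_VARIABLE DROPBEAR_VERSION_STR)

    # HMAC-SHA1 support was removed in version 2025.87; only enable the tests
    # when the banner was parsed, never as a side effect of a failed parse.
    if("${DROPBEAR_VERSION_STR}" MATCHES "Dropbear v([0-9]+\\.[0-9]+)")
        set(DROPBEAR_VERSION "${CMAKE_MATCH_1}")
        if("${DROPBEAR_VERSION}" VERSION_LESS "2025.87")
            message(STATUS "Dropbear Version less than 2025.87, enabling dropbear HMAC-SHA1 tests")
            add_definitions(-DDROPBEAR_SUPPORTS_HMAC_SHA1)
        endif()
    else()
        message(WARNING "Could not parse the Dropbear version, leaving dropbear HMAC-SHA1 tests disabled")
    endif()
# … unchanged: else() branch for a missing dbclient …
```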
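Review bot: In the tests/pkd/pkd_client.h hunk `DROPBEAR_BINARY` no longer names a program to look up but expands to whatever tests/CMakeLists.txt stored in `DROPBEAR_EXECUTABLE`, and that is `"/bin/false"` when dbclient was not found at configure time. Any check elsewhere that uses `DROPBEAR_BINARY` to decide whether the dropbear tests can run (not visible in this hunk) would then find an existing executable and run the tests against it instead of skipping them. `DROPBEAR_KEYGEN` is still the bare `"dropbearkey"` resolved through PATH, so the client whose version was probed and the key generator can come from different installations. I would document this above the define, e.g. `/* Absolute path found by CMake (tests_config.h); "/bin/false" if dbclient is missing */`. The header also has to see tests_config.h before this macro is expanded.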
@@ -410,20 +410,26 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 f(client, ecdsa_521_aes192_ctr, ciphercmd("aes192-ctr"), setup_ecdsa_521, teardown)
-#define PKDTESTS_MAC_FIPS(f, client, maccmd) \
+#define PKDTESTS_MAC_FIPS_BASE(f, client, maccmd) \
 f(client, ecdsa_256_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_256, teardown) \
 f(client, ecdsa_384_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_384, teardown) \
 f(client, ecdsa_521_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ecdsa_521, teardown) \
 f(client, rsa_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_rsa, teardown)
-/* TODO: Include these tests when an older version of dropbear is used. Currently, they have been removed as the latest dropbear version
-does not support these MACs.
+#define PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd) \
+ f(client, ecdsa_256_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_256, teardown) \
+ f(client, ecdsa_384_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_384, teardown) \
+ f(client, ecdsa_521_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_521, teardown) \
+ f(client, rsa_hmac_sha1, maccmd("hmac-sha1"), setup_rsa, teardown)
-f(client, ecdsa_256_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_256, teardown) \
-f(client, ecdsa_384_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_384, teardown) \
-f(client, ecdsa_521_hmac_sha1, maccmd("hmac-sha1"), setup_ecdsa_521, teardown) \
-f(client, rsa_hmac_sha1, maccmd("hmac-sha1"), setup_rsa, teardown) \
-*/
+#ifdef DROPBEAR_SUPPORTS_HMAC_SHA1
+#define PKDTESTS_MAC_FIPS(f, client, maccmd) \
+ PKDTESTS_MAC_FIPS_BASE(f, client, maccmd) \
+ PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd)
+#else
+#define PKDTESTS_MAC_FIPS(f, client, maccmd) \
+ PKDTESTS_MAC_FIPS_BASE(f, client, maccmd)
+#endif
 #define PKDTESTS_MAC_OPENSSHONLY_FIPS(f, client, maccmd) \
 f(client, ecdsa_256_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ecdsa_256, teardown) \
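Review bot: The `#ifdef DROPBEAR_SUPPORTS_HMAC_SHA1` block in tests/pkd/pkd_hello.c has no comment saying where the macro comes from or why the SHA1 list is optional, and the removed TODO was the only explanation. `PKDTESTS_MAC_FIPS` takes a generic `client` argument, so if it is also expanded for non-dropbear clients (the call sites are outside this hunk), a Dropbear version probe now decides whether those clients get hmac-sha1 coverage as well. A comment such as `/* hmac-sha1 was removed in dropbear 2025.87; DROPBEAR_SUPPORTS_HMAC_SHA1 is set by tests/CMakeLists.txt for older dbclient */` above the `#ifdef` would record that. Gating only the dropbear expansion would keep the other clients independent of it.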
diff --git a/tests/tests_config.h.cmake b/tests/tests_config.h.cmake
index d26c6e51..9474fa09 100644
--- a/tests/tests_config.h.cmake
+++ b/tests/tests_config.h.cmake
@@ -65,6 +65,7 @@
 #cmakedefine NCAT_EXECUTABLE "${NCAT_EXECUTABLE}"
 #cmakedefine SSHD_EXECUTABLE "${SSHD_EXECUTABLE}"
 #cmakedefine SSH_EXECUTABLE "${SSH_EXECUTABLE}"
+#cmakedefine DROPBEAR_EXECUTABLE "${DROPBEAR_EXECUTABLE}"
 #cmakedefine WITH_TIMEOUT ${WITH_TIMEOUT}
 #cmakedefine TIMEOUT_EXECUTABLE "${TIMEOUT_EXECUTABLE}"
 #cmakedefine SOFTHSM2_LIBRARY "${SOFTHSM2_LIBRARY}"