From cefc4f8c97067d3dd0f5cf0367e065cad246cc2b Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 5 Nov 2025 17:28:21 +0100
Subject: [PATCH] pkd: Run tests with ecdsa and ed25519 keys with dropbear
Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 tests/pkd/pkd_hello.c | 50 ++++++++++++++++++++++++++++++++---------
 tests/pkd/pkd_keyutil.c | 22 +++++++++++++++---
 tests/pkd/pkd_keyutil.h | 6 +++--
 3 files changed, 62 insertions(+), 16 deletions(-)
diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c
index c23e47d4..f4c897ed 100644
--- a/tests/pkd/pkd_hello.c
+++ b/tests/pkd/pkd_hello.c
@@ -592,9 +592,21 @@ PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_MAC_CMD)
 #undef CLIENT_ID_FILE
 #define CLIENT_ID_FILE DROPBEAR_RSA_TESTKEY
-PKDTESTS_DEFAULT(emit_keytest, dropbear, DROPBEAR_CMD)
-PKDTESTS_CIPHER(emit_keytest, dropbear, DROPBEAR_CIPHER_CMD)
-PKDTESTS_MAC(emit_keytest, dropbear, DROPBEAR_MAC_CMD)
+PKDTESTS_DEFAULT(emit_keytest, dropbear_rsa, DROPBEAR_CMD)
+PKDTESTS_CIPHER(emit_keytest, dropbear_rsa, DROPBEAR_CIPHER_CMD)
+PKDTESTS_MAC(emit_keytest, dropbear_rsa, DROPBEAR_MAC_CMD)
+#undef CLIENT_ID_FILE
+
+#define CLIENT_ID_FILE DROPBEAR_ECDSA256_TESTKEY
+PKDTESTS_DEFAULT(emit_keytest, dropbear_e256, DROPBEAR_CMD)
+PKDTESTS_CIPHER(emit_keytest, dropbear_e256, DROPBEAR_CIPHER_CMD)
+PKDTESTS_MAC(emit_keytest, dropbear_e256, DROPBEAR_MAC_CMD)
+#undef CLIENT_ID_FILE
+
+#define CLIENT_ID_FILE DROPBEAR_ED25519_TESTKEY
+PKDTESTS_DEFAULT(emit_keytest, dropbear_ed, DROPBEAR_CMD)
+PKDTESTS_CIPHER(emit_keytest, dropbear_ed, DROPBEAR_CIPHER_CMD)
+PKDTESTS_MAC(emit_keytest, dropbear_ed, DROPBEAR_MAC_CMD)
 #undef CLIENT_ID_FILE
 /*
@@ -648,9 +660,17 @@ struct {
 PKDTESTS_MAC_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_MAC_CMD)
 /* Dropbear */
- PKDTESTS_DEFAULT(emit_testmap, dropbear, DROPBEAR_CMD)
- PKDTESTS_CIPHER(emit_testmap, dropbear, DROPBEAR_CIPHER_CMD)
- PKDTESTS_MAC(emit_testmap, dropbear, DROPBEAR_MAC_CMD)
+ PKDTESTS_DEFAULT(emit_testmap, dropbear_rsa, DROPBEAR_CMD)
+ PKDTESTS_CIPHER(emit_testmap, dropbear_rsa, DROPBEAR_CIPHER_CMD)
+ PKDTESTS_MAC(emit_testmap, dropbear_rsa, DROPBEAR_MAC_CMD)
+
+ PKDTESTS_DEFAULT(emit_testmap, dropbear_e256, DROPBEAR_CMD)
+ PKDTESTS_CIPHER(emit_testmap, dropbear_e256, DROPBEAR_CIPHER_CMD)
+ PKDTESTS_MAC(emit_testmap, dropbear_e256, DROPBEAR_MAC_CMD)
+
+ PKDTESTS_DEFAULT(emit_testmap, dropbear_ed, DROPBEAR_CMD)
+ PKDTESTS_CIPHER(emit_testmap, dropbear_ed, DROPBEAR_CIPHER_CMD)
+ PKDTESTS_MAC(emit_testmap, dropbear_ed, DROPBEAR_MAC_CMD)
 /* Noop */
 emit_testmap(client, noop, "", setup_noop, teardown)
@@ -701,9 +721,17 @@ static int pkd_run_tests(void) {
 * through cli (see 'man dbclient')
 */
 const struct CMUnitTest dropbear_tests[] = {
- PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear, DROPBEAR_CMD)
- PKDTESTS_CIPHER(emit_unit_test_comma, dropbear, DROPBEAR_CIPHER_CMD)
- PKDTESTS_MAC(emit_unit_test_comma, dropbear, DROPBEAR_MAC_CMD)
+ PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear_rsa, DROPBEAR_CMD)
+ PKDTESTS_CIPHER(emit_unit_test_comma, dropbear_rsa, DROPBEAR_CIPHER_CMD)
+ PKDTESTS_MAC(emit_unit_test_comma, dropbear_rsa, DROPBEAR_MAC_CMD)
+
+ PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear_e256, DROPBEAR_CMD)
+ PKDTESTS_CIPHER(emit_unit_test_comma, dropbear_e256, DROPBEAR_CIPHER_CMD)
+ PKDTESTS_MAC(emit_unit_test_comma, dropbear_e256, DROPBEAR_MAC_CMD)
+
+ PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear_ed, DROPBEAR_CMD)
+ PKDTESTS_CIPHER(emit_unit_test_comma, dropbear_ed, DROPBEAR_CIPHER_CMD)
+ PKDTESTS_MAC(emit_unit_test_comma, dropbear_ed, DROPBEAR_MAC_CMD)
 };
 const struct CMUnitTest openssh_fips_tests[] = {
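Review bot: `dropbear_tests` grows from one key type to three in the hunk at line 721, and the `memcpy(&all_tests[tindex], &dropbear_tests[0], sizeof(dropbear_tests))` shown as context in the hunk at line 776 copies the whole array with no bound check visible in this diff. The declaration of `all_tests` is outside the patch, so confirm that its capacity is computed from `sizeof(dropbear_tests)` rather than a fixed count; if it is fixed, tripling this list would write past the end of the array. pkd_run_tests starts and ends outside both hunks.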
@@ -748,7 +776,7 @@ static int pkd_run_tests(void) {
 }
 if (is_dropbear_client_enabled()) {
- setup_dropbear_client_rsa_key();
+ setup_dropbear_client_keys();
 if (!ssh_fips_mode()) {
 memcpy(&all_tests[tindex], &dropbear_tests[0], sizeof(dropbear_tests));
 tindex += (sizeof(dropbear_tests) / sizeof(dropbear_tests[0]));
@@ -800,7 +828,7 @@ static int pkd_run_tests(void) {
 /* Clean up client keys for each enabled client. */
 if (is_dropbear_client_enabled()) {
- cleanup_dropbear_client_rsa_key();
+ cleanup_dropbear_client_keys();
 }
 if (is_openssh_client_enabled()) {
diff --git a/tests/pkd/pkd_keyutil.c b/tests/pkd/pkd_keyutil.c
index daaab134..bf4428bf 100644
--- a/tests/pkd/pkd_keyutil.c
+++ b/tests/pkd/pkd_keyutil.c
@@ -167,15 +167,31 @@ void cleanup_openssh_client_keys(void) {
 }
 }
-void setup_dropbear_client_rsa_key(void) {
+void setup_dropbear_client_keys(void)
+{
 int rc = 0;
 if (access(DROPBEAR_RSA_TESTKEY, F_OK) != 0) {
 rc = system_checked(DROPBEAR_KEYGEN " -t rsa -f " DROPBEAR_RSA_TESTKEY " 1>/dev/null 2>/dev/null");
 }
 assert_int_equal(rc, 0);
+ if (access(DROPBEAR_ECDSA256_TESTKEY, F_OK) != 0) {
+ rc = system_checked(DROPBEAR_KEYGEN " -t ecdsa -f "
+ DROPBEAR_ECDSA256_TESTKEY
+ " 1>/dev/null 2>/dev/null");
+ }
+ assert_int_equal(rc, 0);
+ if (access(DROPBEAR_ED25519_TESTKEY, F_OK) != 0) {
+ rc = system_checked(DROPBEAR_KEYGEN " -t ed25519 -f "
+ DROPBEAR_ED25519_TESTKEY
+ " 1>/dev/null 2>/dev/null");
+ }
+ assert_int_equal(rc, 0);
 }
-void cleanup_dropbear_client_rsa_key(void) {
- unlink(DROPBEAR_RSA_TESTKEY);
+void cleanup_dropbear_client_keys(void)
+{
+ cleanup_key(DROPBEAR_RSA_TESTKEY);
+ cleanup_key(DROPBEAR_ECDSA256_TESTKEY);
+ cleanup_key(DROPBEAR_ED25519_TESTKEY);
 }
diff --git a/tests/pkd/pkd_keyutil.h b/tests/pkd/pkd_keyutil.h
index 8e8f50ae..0b0b2e80 100644
--- a/tests/pkd/pkd_keyutil.h
+++ b/tests/pkd/pkd_keyutil.h
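Review bot: `setup_dropbear_client_keys()` in the pkd_keyutil.c hunk asserts that ECDSA and Ed25519 key generation succeeds whenever the dropbear client is enabled, so a `dropbearkey` built without one of those algorithms would abort the whole pkd run in setup instead of skipping the affected tests. What `is_dropbear_client_enabled()` actually checks is not visible here, so this needs confirming against its definition. Because both stdout and stderr are sent to /dev/null, such a failure would show up only as a non-zero `rc`, with no hint which key type failed. The ECDSA key is named `DROPBEAR_ECDSA256_TESTKEY` but the command relies on dropbearkey's default curve size; pinning it with `" -t ecdsa -s 256 -f "` keeps the generated key in line with its name and the `dropbear_e256` test suffix.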
@@ -32,12 +32,14 @@ void cleanup_ecdsa_keys(void);
 #define OPENSSH_CA_TESTKEY "libssh_testkey.ca"
 #define DROPBEAR_RSA_TESTKEY "dropbear_testkey.id_rsa"
+#define DROPBEAR_ECDSA256_TESTKEY "dropbear_testkey.id_ecdsa256"
+#define DROPBEAR_ED25519_TESTKEY "dropbear_testkey.id_ed25519"
 void setup_openssh_client_keys(void);
 void cleanup_openssh_client_keys(void);
-void setup_dropbear_client_rsa_key(void);
-void cleanup_dropbear_client_rsa_key(void);
+void setup_dropbear_client_keys(void);
+void cleanup_dropbear_client_keys(void);
 #define cleanup_file(name) do {\
 if (access((name), F_OK) != -1) {\