The implementation largely follows that of sntrup761x25519-sha512.
Most of the work was done by Sahana with the help of Claude,
Pavol provided fixes to match specs and did a final clean up.
Co-Authored-By: Sahana Prasad <sahana@redhat.com>
Co-Authored-By: Pavol Žáčik <pzacik@redhat.com>
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This was initially in hurry disabled in
ca4c874a9e because dropbear dropped support for
these HMACs. The follow-up commit enabled running these tests on old dropbear in
c17112f070, but still did not run them on openssh,
when the new dropbear was installed.
This fixes up the above commit to run the HMAC-SHA1 tests with OpenSSH even if
the new dropbear is installed.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
All of the initial work was done by Simon. Jakub cleaned up the
formatting issues, resolved the padding of bignum to match specs
and be interoperable with OpenSSH (and few more minor details).
Closes: #194.
Signed-off-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Solving issue #110. The original work is at !231
Some changes were needed because the newly added features in master through time
Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com>
Signed-off-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Adjust some subtle usage of argv string handling in the pkd
test options: rather than conditionally overwrite the two
mkdtemp strings with a newly-allocated buffer to be later
freed, keep the original const argv pointer around in its
own dedicated field.
See also these changes in the same area that were due to the
previous arrangement, which was a bit too subtle:
- 61ce3310b864802a101cb01ff103f0bc2da936e6
- e1a8b359c1
Addresses:
- https://gitlab.com/libssh/libssh-mirror/-/merge_requests/320#note_1173911211
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Teach `pkd` a new flag `-L, --temp-dir=<mkdtemp-template>` to enable
behavior whereby `pkd` creates a new temporary directory and uses it
for a workspace while running.
The original design of `pkd` assumed that it could freely use the
current working directory from wherever it happened to be invoked.
But, this could pose a problem when multiple `pkd` instances are run
in parallel from the same working directory, due to the usage of
various temporary files within that directory.
To avoid the problem of multiple `pkd` instances interfering with
each other, expose a `-L` flag for optionally specifying a `mkdtemp`
template string such that a temporary scratch space is used instead.
Testing notes:
- I ran handfuls of iterations locally using the new flag
and observed `pkd` is indeed using scratch space as desired.
Resolves https://gitlab.com/libssh/libssh-mirror/-/issues/143.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
In e1a8b359c1 a missing `free` was
added to `pkd_cleanup_socket_wrapper` to free a string allocated
for the socket wrapper directory name.
Move that `free` such that it also runs in the error-out paths in
`pkd_cleanup_socket_wrapper`, to avoid a leak in those cases, too.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
These are disabled in latest since Dropbear 2020.79, while
older do not support anything better than aes-ctr ciphers.
We should implement some dynamic algorithm detection for dropbear
too to increase test coverage.
https://bugs.libssh.org/T252
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This was introduced during fixes to run pkd tests in FIPS mode.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Use only allowed algorithms in FIPS mode.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Support an optional --rekey input to set the SSH session rekey data
limit using SSH_OPTIONS_REKEY_DATA. This flag can be used together
with --buffer to test out server rekeying.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Support an optional --buffer input for the pkd tests to enable testing
with a larger payload than the default "hello\n".
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Move the pkd test payload buffer into the arguments struct, to make
way for parameterizing the payload using command-line options.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Add four passes to the pkd tests to exercise codepaths where an
OpenSSH client requests these HostKeyAlgorithms combinations:
* rsa-sha2-256
* rsa-sha2-512
* rsa-sha2-256,rsa-sha2-512
* rsa-sha2-512,rsa-sha2-256
The tests demonstrate that the third combination currently fails:
libssh ends up choosing `rsa-sha2-512` instead of `rsa-sha2-256`,
and the initial exchange fails on the client side citing a signature
failure.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
tests/pkd/pkd_hello.c:743:12: error: assuming signed overflow does not
occur when simplifying conditional to constant [-Werror=strict-overflow]
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
This adds support for the ed25519 keys in the pkd framework and adds
openssh-only tests utilizing these host keys (dropbear does not support
them yet).
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Support for the `blowfish-cbc` cipher has been removed from OpenSSH
as of version 7.6. Remove this cipher from the pkd tests so that
the tests will pass together with a modern OpenSSH client.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Use the socket_wrapper preload shim when running the `pkd_hello`
test with `make test`. The end goal here is to get this test
running alongside normal tests in regular CI. Changes to do
this:
* Configure PKD_ENVIRONMENT for the `pkd_hello_i1` test in the
CMakeLists.txt file.
* Add a `--socket-wrapper-dir|-w` flag that is used to opt-in to
initializing a SOCKET_WRAPPER_DIR as expected by the socket_wrapper
library.
A runtime flag is used here to make it easy to run `pkd_hello`
with the socket_wrapper library while avoiding a hard dependency.
Testing done: observed socker_wrapper in effect with `strace`;
running `make test` uses the wrapper correctly on my local
machine.
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems. It is loosely coupled and has a low memory
footprint. mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
