pki: Use constant for minimal RSA key size in FIPS

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
coverage: Ignore parse errors again
2026-02-04 12:20:42 +09:00 · 2025-11-06 16:25:25 +01:00 · 2025-11-06 16:25:25 +01:00 · 2025-11-06 16:25:25 +01:00 · 2025-11-06 16:25:25 +01:00 · 2025-11-06 16:25:25 +01:00
12 changed files with 102 additions and 94 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -199,7 +199,7 @@ if (WITH_COVERAGE)
        NAME "coverage"
        EXECUTABLE make test
        DEPENDENCIES ssh tests)
-    set(GCOVR_ADDITIONAL_ARGS --xml-pretty --exclude-unreachable-branches --print-summary)
+    set(GCOVR_ADDITIONAL_ARGS --xml-pretty --exclude-unreachable-branches --print-summary --gcov-ignore-parse-errors)
    setup_target_for_coverage_gcovr_xml(
        NAME "coverage_xml"
        EXECUTABLE make test
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -46,8 +46,9 @@
 #define MAX_PUBKEY_SIZE 0x100000 /* 1M */
 #define MAX_PRIVKEY_SIZE 0x400000 /* 4M */

-#define RSA_MIN_KEY_SIZE 768
-#define RSA_DEFAULT_KEY_SIZE 3072
+#define RSA_MIN_KEY_SIZE      1024
+#define RSA_MIN_FIPS_KEY_SIZE 2048
+#define RSA_DEFAULT_KEY_SIZE  3072

 #define SSH_KEY_FLAG_EMPTY   0x0
 #define SSH_KEY_FLAG_PUBLIC  0x0001
--- a/include/libssh/ssh2.h
+++ b/include/libssh/ssh2.h
@@ -16,8 +16,6 @@
 #define SSH2_MSG_KEXDH_REPLY 31
 #define SSH2_MSG_KEX_ECDH_INIT 30
 #define SSH2_MSG_KEX_ECDH_REPLY 31
-#define SSH2_MSG_ECMQV_INIT 30
-#define SSH2_MSG_ECMQV_REPLY 31
 #define SSH2_MSG_KEX_HYBRID_INIT 30
 #define SSH2_MSG_KEX_HYBRID_REPLY 31

--- a/src/kex.c
+++ b/src/kex.c
@@ -174,9 +174,9 @@
 #define CHACHA20 "chacha20-poly1305@openssh.com,"

 #define DEFAULT_KEY_EXCHANGE \
-    CURVE25519 \
-    SNTRUP761X25519 \
    MLKEM768X25519 \
+    SNTRUP761X25519 \
+    CURVE25519 \
    ECDH \
    "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \
    GEX_SHA256 \
--- a/src/options.c
+++ b/src/options.c
@@ -593,10 +593,10 @@ int ssh_options_set_algo(ssh_session session,
 *              - SSH_OPTIONS_RSA_MIN_SIZE
 *                Set the minimum RSA key size in bits to be accepted by the
 *                client for both authentication and hostkey verification.
- *                The values under 768 bits are not accepted even with this
+ *                The values under 1024 bits are not accepted even with this
 *                configuration option as they are considered completely broken.
 *                Setting 0 will revert the value to defaults.
- *                Default is 1024 bits or 2048 bits in FIPS mode.
+ *                Default is 3072 bits or 2048 bits in FIPS mode.
 *                (int)

 *              - SSH_OPTIONS_IDENTITY_AGENT
@@ -2201,11 +2201,11 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
 *                      - SSH_BIND_OPTIONS_RSA_MIN_SIZE
 *                        Set the minimum RSA key size in bits to be accepted by
 *                        the server for both authentication and hostkey
- *                        operations. The values under 768 bits are not accepted
+ *                        operations. The values under 1024 bits are not accepted
 *                        even with this configuration option as they are
 *                        considered completely broken. Setting 0 will revert
 *                        the value to defaults.
- *                        Default is 1024 bits or 2048 bits in FIPS mode.
+ *                        Default is 3072 bits or 2048 bits in FIPS mode.
 *                        (int)
 *
 *
--- a/src/packet.c
+++ b/src/packet.c
@@ -352,7 +352,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
        break;
    case SSH2_MSG_KEXDH_INIT:                         // 30
      // SSH2_MSG_KEX_ECDH_INIT:                      // 30
-      // SSH2_MSG_ECMQV_INIT:                         // 30
+      // SSH2_MSG_KEX_HYBRID_INIT:                    // 30
      // SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:             // 30

        /* Server only */
@@ -388,7 +388,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
        break;
    case SSH2_MSG_KEXDH_REPLY:                        // 31
      // SSH2_MSG_KEX_ECDH_REPLY:                     // 31
-      // SSH2_MSG_ECMQV_REPLY:                        // 31
+      // SSH2_MSG_KEX_HYBRID_REPLY:                   // 31
      // SSH2_MSG_KEX_DH_GEX_GROUP:                   // 31

        /* Client only */
--- a/src/pki.c
+++ b/src/pki.c
@@ -449,9 +449,9 @@ bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)

    if (min_size < RSA_MIN_KEY_SIZE) {
        if (ssh_fips_mode()) {
-            min_size = 2048;
+            min_size = RSA_MIN_FIPS_KEY_SIZE;
        } else {
-            min_size = 1024;
+            min_size = RSA_MIN_KEY_SIZE;
        }
    }
    return (key_size >= min_size);
--- a/tests/client/torture_get_kex_algo.c
+++ b/tests/client/torture_get_kex_algo.c
@@ -11,6 +11,9 @@
 #define DIFFIE_HELLMAN_GROUP_14_SHA_1 "diffie-hellman-group14-sha1"
 #define KEX_DH_GEX_SHA1 "diffie-hellman-group-exchange-sha1"
 #define KEX_DH_GEX_SHA256 "diffie-hellman-group-exchange-sha256"
+#define SNTRUP761X25519 "sntrup761x25519-sha512"
+#define SNTRUP761X25519_OPENSSH "sntrup761x25519-sha512@openssh.com"
+#define MLKEM768X25519 "mlkem768x25519-sha256"

 static int sshd_setup(void **state)
 {
@@ -71,6 +74,9 @@ static void torture_kex_basic_functionality(void **state)
    ssh_session session = NULL;
    const char *kex_algo = NULL;
    const char *valid_algorithms[] = {
+        SNTRUP761X25519,
+        SNTRUP761X25519_OPENSSH,
+        MLKEM768X25519,
        CURVE25519_SHA256,
        ECDH_SHA2_NISTP256,
        DIFFIE_HELLMAN_GROUP_14_SHA_1,
--- a/tests/pkd/pkd_hello.c
+++ b/tests/pkd/pkd_hello.c
@@ -222,10 +222,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {

 #define PKDTESTS_DEFAULT(f, client, cmd) \
    /* Default passes by server key type. */ \
-    PKDTESTS_DEFAULT_FIPS(f, client, cmd)
-
-#define PKDTESTS_DEFAULT_OPENSSHONLY(f, client, cmd) \
-    /* Default passes by server key type. */ \
+    PKDTESTS_DEFAULT_FIPS(f, client, cmd) \
    f(client, ed25519_default,    cmd,  setup_ed25519,    teardown)

 #define GEX_SHA256 "diffie-hellman-group-exchange-sha256"
@@ -291,7 +288,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
    f(client, rsa_sntrup761x25519_sha512_openssh_com,       kexcmd(SNTRUP_OPENSSH_NAME), setup_rsa,       teardown) \
    f(client, ecdsa_256_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_256, teardown) \
    f(client, ecdsa_384_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_384, teardown) \
-    f(client, ecdsa_521_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_521, teardown)
+    f(client, ecdsa_521_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_521, teardown) \
+    f(client, ed25519_sntrup761x25519_sha512_openssh_com,   kexcmd(SNTRUP_OPENSSH_NAME), setup_ed25519,   teardown)
 #else
 #define PKDTESTS_KEX_SNTRUP761_OPENSSH(f, client, kexcmd)
 #endif
@@ -302,7 +300,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
    f(client, rsa_sntrup761x25519_sha512,                   kexcmd(SNTRUP_NAME),         setup_rsa,       teardown) \
    f(client, ecdsa_256_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ecdsa_256, teardown) \
    f(client, ecdsa_384_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ecdsa_384, teardown) \
-    f(client, ecdsa_521_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ecdsa_521, teardown)
+    f(client, ecdsa_521_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ecdsa_521, teardown) \
+    f(client, ed25519_sntrup761x25519_sha512,               kexcmd(SNTRUP_NAME),         setup_ed25519,   teardown)
 #else
 #define PKDTESTS_KEX_SNTRUP761(f, client, kexcmd)
 #endif
@@ -312,7 +311,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
    f(client, rsa_mlkem768x25519_sha256,       kexcmd("mlkem768x25519-sha256"), setup_rsa,       teardown) \
    f(client, ecdsa_256_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ecdsa_256, teardown) \
    f(client, ecdsa_384_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ecdsa_384, teardown) \
-    f(client, ecdsa_521_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ecdsa_521, teardown)
+    f(client, ecdsa_521_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ecdsa_521, teardown) \
+    f(client, ed25519_mlkem768x25519_sha256,   kexcmd("mlkem768x25519-sha256"), setup_ed25519,   teardown)
 #else
 #define PKDTESTS_KEX_MLKEM768(f, client, kexcmd)
 #endif
@@ -351,35 +351,6 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #else
 #define PKDTESTS_KEX(f, client, kexcmd) \
    /* Kex algorithms. */ \
-    PKDTESTS_KEX_COMMON(f, client, kexcmd)
-#endif
-
-#ifdef OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM
-#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd) \
-    f(client, ed25519_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ed25519, teardown)
-#else
-#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd)
-#endif
-
-#ifdef OPENSSH_SNTRUP761X25519_SHA512
-#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd) \
-    f(client, ed25519_sntrup761x25519_sha512,             kexcmd(SNTRUP_NAME),         setup_ed25519, teardown)
-#else
-#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd)
-#endif
-
-#if defined(HAVE_MLKEM) && defined(OPENSSH_MLKEM768X25519_SHA256)
-#define PKDTESTS_KEX_OPENSSHONLY_MLKEM768(f, client, kexcmd) \
-    f(client, ed25519_mlkem768x25519_sha256,              kexcmd("mlkem768x25519-sha256"), setup_ed25519, teardown)
-#else
-#define PKDTESTS_KEX_OPENSSHONLY_MLKEM768(f, client, kexcmd)
-#endif
-
-#define PKDTESTS_KEX_OPENSSHONLY(f, client, kexcmd) \
-    /* Kex algorithms. */ \
-    PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd) \
-    PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd) \
-    PKDTESTS_KEX_OPENSSHONLY_MLKEM768(f, client, kexcmd) \
    f(client, ed25519_curve25519_sha256,              kexcmd("curve25519-sha256"),             setup_ed25519,    teardown) \
    f(client, ed25519_curve25519_sha256_libssh_org,   kexcmd("curve25519-sha256@libssh.org"),  setup_ed25519,    teardown) \
    f(client, ed25519_ecdh_sha2_nistp256,             kexcmd("ecdh-sha2-nistp256"),            setup_ed25519,    teardown) \
@@ -391,8 +362,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
    f(client, ed25519_diffie_hellman_group1_sha1,     kexcmd("diffie-hellman-group1-sha1"),    setup_ed25519,    teardown) \
    f(client, ed25519_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256),                setup_ed25519,    teardown) \
    f(client, ed25519_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1),                    setup_ed25519,    teardown)
-
-#define CHACHA20 "chacha20-poly1305@openssh.com"
+#endif

 #define PKDTESTS_CIPHER_COMMON(f, client, ciphercmd) \
    f(client, rsa_aes128_ctr,          ciphercmd("aes128-ctr"),    setup_rsa,        teardown) \
@@ -415,6 +385,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
    f(client, ecdsa_521_aes128_cbc,    ciphercmd("aes128-cbc"),    setup_ecdsa_521,  teardown) \
    f(client, ecdsa_521_aes256_cbc,    ciphercmd("aes256-cbc"),    setup_ecdsa_521,  teardown)

+#define CHACHA20 "chacha20-poly1305@openssh.com"
 #define PKDTESTS_CIPHER_CHACHA(f, client, ciphercmd) \
    f(client, rsa_chacha20,            ciphercmd(CHACHA20),        setup_rsa,        teardown) \
    f(client, ed25519_chacha20,        ciphercmd(CHACHA20),        setup_ed25519,    teardown) \
@@ -425,7 +396,9 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #define PKDTESTS_CIPHER(f, client, ciphercmd) \
    /* Ciphers. */ \
    PKDTESTS_CIPHER_COMMON(f, client, ciphercmd) \
-    PKDTESTS_CIPHER_CHACHA(f, client, ciphercmd)
+    PKDTESTS_CIPHER_CHACHA(f, client, ciphercmd) \
+    f(client, ed25519_aes128_ctr,      ciphercmd("aes128-ctr"),    setup_ed25519,    teardown) \
+    f(client, ed25519_aes256_ctr,      ciphercmd("aes256-ctr"),    setup_ed25519,    teardown)

 #define AES128_GCM "aes128-gcm@openssh.com"
 #define AES256_GCM "aes256-gcm@openssh.com"
@@ -450,9 +423,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
    f(client, rsa_aes192_ctr,          ciphercmd("aes192-ctr"),    setup_rsa,        teardown) \
    f(client, ed25519_3des_cbc,        ciphercmd("3des-cbc"),      setup_ed25519,    teardown) \
    f(client, ed25519_aes128_cbc,      ciphercmd("aes128-cbc"),    setup_ed25519,    teardown) \
-    f(client, ed25519_aes128_ctr,      ciphercmd("aes128-ctr"),    setup_ed25519,    teardown) \
    f(client, ed25519_aes256_cbc,      ciphercmd("aes256-cbc"),    setup_ed25519,    teardown) \
-    f(client, ed25519_aes256_ctr,      ciphercmd("aes256-ctr"),    setup_ed25519,    teardown) \
    f(client, ed25519_aes192_cbc,      ciphercmd("aes192-cbc"),    setup_ed25519,    teardown) \
    f(client, ed25519_aes192_ctr,      ciphercmd("aes192-ctr"),    setup_ed25519,    teardown) \
    f(client, ed25519_aes128_gcm,      ciphercmd(AES128_GCM),      setup_ed25519,    teardown) \
@@ -489,7 +460,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
 #ifdef DROPBEAR_SUPPORTS_HMAC_SHA1
 #define PKDTESTS_MAC_FIPS(f, client, maccmd)  \
    PKDTESTS_MAC_FIPS_BASE(f, client, maccmd) \
-    PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd)
+    PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd) \
+    f(client, ed25519_hmac_sha1,            maccmd("hmac-sha1"),                      setup_ed25519,    teardown)
 #define PKDTESTS_MAC_OPENSSHONLY_FIPS_SHA1(f, client, maccmd)
 #else
 #define PKDTESTS_MAC_FIPS(f, client, maccmd) \
@@ -519,12 +491,12 @@ static int torture_pkd_setup_ecdsa_521(void **state) {

 #define PKDTESTS_MAC(f, client, maccmd) \
    /* MACs. */ \
-    PKDTESTS_MAC_FIPS(f, client, maccmd)
+    PKDTESTS_MAC_FIPS(f, client, maccmd) \
+    f(client, ed25519_hmac_sha2_256,        maccmd("hmac-sha2-256"),                  setup_ed25519,    teardown)
+
 #define PKDTESTS_MAC_OPENSSHONLY(f, client, maccmd) \
    PKDTESTS_MAC_OPENSSHONLY_FIPS(f, client, maccmd) \
-    f(client, ed25519_hmac_sha1,            maccmd("hmac-sha1"),                      setup_ed25519,    teardown) \
    f(client, ed25519_hmac_sha1_etm,        maccmd("hmac-sha1-etm@openssh.com"),      setup_ed25519,    teardown) \
-    f(client, ed25519_hmac_sha2_256,        maccmd("hmac-sha2-256"),                  setup_ed25519,    teardown) \
    f(client, ed25519_hmac_sha2_256_etm,    maccmd("hmac-sha2-256-etm@openssh.com"),  setup_ed25519,    teardown) \
    f(client, ed25519_hmac_sha2_512,        maccmd("hmac-sha2-512"),                  setup_ed25519,    teardown) \
    f(client, ed25519_hmac_sha2_512_etm,    maccmd("hmac-sha2-512-etm@openssh.com"),  setup_ed25519,    teardown)
@@ -587,9 +559,7 @@ static void torture_pkd_runtest(const char *testname,
 PKDTESTS_DEFAULT(emit_keytest, openssh_rsa, OPENSSH_CMD)
 PKDTESTS_DEFAULT(emit_keytest, openssh_cert_rsa, OPENSSH_CERT_CMD)
 PKDTESTS_DEFAULT(emit_keytest, openssh_sha256_cert_rsa, OPENSSH_SHA256_CERT_CMD)
-PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CMD)
 PKDTESTS_KEX(emit_keytest, openssh_rsa, OPENSSH_KEX_CMD)
-PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_KEX_CMD)
 PKDTESTS_CIPHER(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD)
 PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD)
 PKDTESTS_MAC(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD)
@@ -600,9 +570,7 @@ PKDTESTS_HOSTKEY_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_HOSTKEY_CMD)
 #define CLIENT_ID_FILE OPENSSH_ECDSA256_TESTKEY
 PKDTESTS_DEFAULT(emit_keytest, openssh_e256, OPENSSH_CMD)
 PKDTESTS_DEFAULT(emit_keytest, openssh_cert_e256, OPENSSH_CERT_CMD)
-PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_CMD)
 PKDTESTS_KEX(emit_keytest, openssh_e256, OPENSSH_KEX_CMD)
-PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_KEX_CMD)
 PKDTESTS_CIPHER(emit_keytest, openssh_e256, OPENSSH_CIPHER_CMD)
 PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_CIPHER_CMD)
 PKDTESTS_MAC(emit_keytest, openssh_e256, OPENSSH_MAC_CMD)
@@ -616,9 +584,7 @@ PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_MAC_CMD)
 #define CLIENT_ID_FILE OPENSSH_ED25519_TESTKEY
 PKDTESTS_DEFAULT(emit_keytest, openssh_ed, OPENSSH_CMD)
 PKDTESTS_DEFAULT(emit_keytest, openssh_cert_ed, OPENSSH_CERT_CMD)
-PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_CMD)
 PKDTESTS_KEX(emit_keytest, openssh_ed, OPENSSH_KEX_CMD)
-PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_KEX_CMD)
 PKDTESTS_CIPHER(emit_keytest, openssh_ed, OPENSSH_CIPHER_CMD)
 PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_CIPHER_CMD)
 PKDTESTS_MAC(emit_keytest, openssh_ed, OPENSSH_MAC_CMD)
@@ -626,9 +592,21 @@ PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_MAC_CMD)
 #undef CLIENT_ID_FILE

 #define CLIENT_ID_FILE DROPBEAR_RSA_TESTKEY
-PKDTESTS_DEFAULT(emit_keytest, dropbear, DROPBEAR_CMD)
-PKDTESTS_CIPHER(emit_keytest, dropbear, DROPBEAR_CIPHER_CMD)
-PKDTESTS_MAC(emit_keytest, dropbear, DROPBEAR_MAC_CMD)
+PKDTESTS_DEFAULT(emit_keytest, dropbear_rsa, DROPBEAR_CMD)
+PKDTESTS_CIPHER(emit_keytest, dropbear_rsa, DROPBEAR_CIPHER_CMD)
+PKDTESTS_MAC(emit_keytest, dropbear_rsa, DROPBEAR_MAC_CMD)
+#undef CLIENT_ID_FILE
+
+#define CLIENT_ID_FILE DROPBEAR_ECDSA256_TESTKEY
+PKDTESTS_DEFAULT(emit_keytest, dropbear_e256, DROPBEAR_CMD)
+PKDTESTS_CIPHER(emit_keytest, dropbear_e256, DROPBEAR_CIPHER_CMD)
+PKDTESTS_MAC(emit_keytest, dropbear_e256, DROPBEAR_MAC_CMD)
+#undef CLIENT_ID_FILE
+
+#define CLIENT_ID_FILE DROPBEAR_ED25519_TESTKEY
+PKDTESTS_DEFAULT(emit_keytest, dropbear_ed, DROPBEAR_CMD)
+PKDTESTS_CIPHER(emit_keytest, dropbear_ed, DROPBEAR_CIPHER_CMD)
+PKDTESTS_MAC(emit_keytest, dropbear_ed, DROPBEAR_MAC_CMD)
 #undef CLIENT_ID_FILE

 /*
@@ -658,9 +636,7 @@ struct {
    PKDTESTS_DEFAULT(emit_testmap, openssh_rsa, OPENSSH_CMD)
    PKDTESTS_DEFAULT(emit_testmap, openssh_cert_rsa, OPENSSH_CERT_CMD)
    PKDTESTS_DEFAULT(emit_testmap, openssh_sha256_cert_rsa, OPENSSH_SHA256_CERT_CMD)
-    PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CMD)
    PKDTESTS_KEX(emit_testmap, openssh_rsa, OPENSSH_KEX_CMD)
-    PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_KEX_CMD)
    PKDTESTS_CIPHER(emit_testmap, openssh_rsa, OPENSSH_CIPHER_CMD)
    PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CIPHER_CMD)
    PKDTESTS_MAC(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD)
@@ -669,9 +645,7 @@ struct {

    PKDTESTS_DEFAULT(emit_testmap, openssh_e256, OPENSSH_CMD)
    PKDTESTS_DEFAULT(emit_testmap, openssh_cert_e256, OPENSSH_CERT_CMD)
-    PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CMD)
    PKDTESTS_KEX(emit_testmap, openssh_e256, OPENSSH_KEX_CMD)
-    PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_KEX_CMD)
    PKDTESTS_CIPHER(emit_testmap, openssh_e256, OPENSSH_CIPHER_CMD)
    PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CIPHER_CMD)
    PKDTESTS_MAC(emit_testmap, openssh_e256, OPENSSH_MAC_CMD)
@@ -679,18 +653,24 @@ struct {

    PKDTESTS_DEFAULT(emit_testmap, openssh_ed, OPENSSH_CMD)
    PKDTESTS_DEFAULT(emit_testmap, openssh_cert_ed, OPENSSH_CERT_CMD)
-    PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_CMD)
    PKDTESTS_KEX(emit_testmap, openssh_ed, OPENSSH_KEX_CMD)
-    PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_KEX_CMD)
    PKDTESTS_CIPHER(emit_testmap, openssh_ed, OPENSSH_CIPHER_CMD)
    PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_CIPHER_CMD)
    PKDTESTS_MAC(emit_testmap, openssh_ed, OPENSSH_MAC_CMD)
    PKDTESTS_MAC_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_MAC_CMD)

    /* Dropbear */
-    PKDTESTS_DEFAULT(emit_testmap, dropbear, DROPBEAR_CMD)
-    PKDTESTS_CIPHER(emit_testmap, dropbear, DROPBEAR_CIPHER_CMD)
-    PKDTESTS_MAC(emit_testmap, dropbear, DROPBEAR_MAC_CMD)
+    PKDTESTS_DEFAULT(emit_testmap, dropbear_rsa, DROPBEAR_CMD)
+    PKDTESTS_CIPHER(emit_testmap, dropbear_rsa, DROPBEAR_CIPHER_CMD)
+    PKDTESTS_MAC(emit_testmap, dropbear_rsa, DROPBEAR_MAC_CMD)
+
+    PKDTESTS_DEFAULT(emit_testmap, dropbear_e256, DROPBEAR_CMD)
+    PKDTESTS_CIPHER(emit_testmap, dropbear_e256, DROPBEAR_CIPHER_CMD)
+    PKDTESTS_MAC(emit_testmap, dropbear_e256, DROPBEAR_MAC_CMD)
+
+    PKDTESTS_DEFAULT(emit_testmap, dropbear_ed, DROPBEAR_CMD)
+    PKDTESTS_CIPHER(emit_testmap, dropbear_ed, DROPBEAR_CIPHER_CMD)
+    PKDTESTS_MAC(emit_testmap, dropbear_ed, DROPBEAR_MAC_CMD)

    /* Noop */
    emit_testmap(client, noop, "", setup_noop, teardown)
@@ -713,7 +693,6 @@ static int pkd_run_tests(void) {
        PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_rsa, OPENSSH_CERT_CMD)
        PKDTESTS_DEFAULT_FIPS(emit_unit_test_comma, openssh_sha256_cert_rsa,
                              OPENSSH_SHA256_CERT_CMD)
-        PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_rsa, OPENSSH_CMD)
        PKDTESTS_KEX(emit_unit_test_comma, openssh_rsa, OPENSSH_KEX_CMD)
        PKDTESTS_CIPHER(emit_unit_test_comma, openssh_rsa, OPENSSH_CIPHER_CMD)
        PKDTESTS_CIPHER_OPENSSHONLY(emit_unit_test_comma, openssh_rsa, OPENSSH_CIPHER_CMD)
@@ -722,7 +701,6 @@ static int pkd_run_tests(void) {

        PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_e256, OPENSSH_CMD)
        PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_e256, OPENSSH_CERT_CMD)
-        PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_e256, OPENSSH_CMD)
        PKDTESTS_KEX(emit_unit_test_comma, openssh_e256, OPENSSH_KEX_CMD)
        PKDTESTS_CIPHER(emit_unit_test_comma, openssh_e256, OPENSSH_CIPHER_CMD)
        PKDTESTS_CIPHER_OPENSSHONLY(emit_unit_test_comma, openssh_e256, OPENSSH_CIPHER_CMD)
@@ -731,7 +709,6 @@ static int pkd_run_tests(void) {

        PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_ed, OPENSSH_CMD)
        PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_ed, OPENSSH_CERT_CMD)
-        PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_ed, OPENSSH_CMD)
        PKDTESTS_KEX(emit_unit_test_comma, openssh_ed, OPENSSH_KEX_CMD)
        PKDTESTS_CIPHER(emit_unit_test_comma, openssh_ed, OPENSSH_CIPHER_CMD)
        PKDTESTS_CIPHER_OPENSSHONLY(emit_unit_test_comma, openssh_ed, OPENSSH_CIPHER_CMD)
@@ -744,9 +721,17 @@ static int pkd_run_tests(void) {
     * through cli (see 'man dbclient')
     */
    const struct CMUnitTest dropbear_tests[] = {
-        PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear, DROPBEAR_CMD)
-        PKDTESTS_CIPHER(emit_unit_test_comma, dropbear, DROPBEAR_CIPHER_CMD)
-        PKDTESTS_MAC(emit_unit_test_comma, dropbear, DROPBEAR_MAC_CMD)
+        PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear_rsa, DROPBEAR_CMD)
+        PKDTESTS_CIPHER(emit_unit_test_comma, dropbear_rsa, DROPBEAR_CIPHER_CMD)
+        PKDTESTS_MAC(emit_unit_test_comma, dropbear_rsa, DROPBEAR_MAC_CMD)
+
+        PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear_e256, DROPBEAR_CMD)
+        PKDTESTS_CIPHER(emit_unit_test_comma, dropbear_e256, DROPBEAR_CIPHER_CMD)
+        PKDTESTS_MAC(emit_unit_test_comma, dropbear_e256, DROPBEAR_MAC_CMD)
+
+        PKDTESTS_DEFAULT(emit_unit_test_comma, dropbear_ed, DROPBEAR_CMD)
+        PKDTESTS_CIPHER(emit_unit_test_comma, dropbear_ed, DROPBEAR_CIPHER_CMD)
+        PKDTESTS_MAC(emit_unit_test_comma, dropbear_ed, DROPBEAR_MAC_CMD)
    };

    const struct CMUnitTest openssh_fips_tests[] = {
@@ -791,7 +776,7 @@ static int pkd_run_tests(void) {
    }

    if (is_dropbear_client_enabled()) {
-        setup_dropbear_client_rsa_key();
+        setup_dropbear_client_keys();
        if (!ssh_fips_mode()) {
            memcpy(&all_tests[tindex], &dropbear_tests[0], sizeof(dropbear_tests));
            tindex += (sizeof(dropbear_tests) / sizeof(dropbear_tests[0]));
@@ -843,7 +828,7 @@ static int pkd_run_tests(void) {

    /* Clean up client keys for each enabled client. */
    if (is_dropbear_client_enabled()) {
-        cleanup_dropbear_client_rsa_key();
+        cleanup_dropbear_client_keys();
    }

    if (is_openssh_client_enabled()) {
--- a/tests/pkd/pkd_keyutil.c
+++ b/tests/pkd/pkd_keyutil.c
@@ -167,15 +167,31 @@ void cleanup_openssh_client_keys(void) {
    }
 }

-void setup_dropbear_client_rsa_key(void) {
+void setup_dropbear_client_keys(void)
+{
    int rc = 0;
    if (access(DROPBEAR_RSA_TESTKEY, F_OK) != 0) {
        rc = system_checked(DROPBEAR_KEYGEN " -t rsa -f "
                            DROPBEAR_RSA_TESTKEY " 1>/dev/null 2>/dev/null");
    }
    assert_int_equal(rc, 0);
+    if (access(DROPBEAR_ECDSA256_TESTKEY, F_OK) != 0) {
+        rc = system_checked(DROPBEAR_KEYGEN " -t ecdsa -f "
+                            DROPBEAR_ECDSA256_TESTKEY
+                            " 1>/dev/null 2>/dev/null");
+    }
+    assert_int_equal(rc, 0);
+    if (access(DROPBEAR_ED25519_TESTKEY, F_OK) != 0) {
+        rc = system_checked(DROPBEAR_KEYGEN " -t ed25519 -f "
+                            DROPBEAR_ED25519_TESTKEY
+                            " 1>/dev/null 2>/dev/null");
+    }
+    assert_int_equal(rc, 0);
 }

-void cleanup_dropbear_client_rsa_key(void) {
-    unlink(DROPBEAR_RSA_TESTKEY);
+void cleanup_dropbear_client_keys(void)
+{
+    cleanup_key(DROPBEAR_RSA_TESTKEY);
+    cleanup_key(DROPBEAR_ECDSA256_TESTKEY);
+    cleanup_key(DROPBEAR_ED25519_TESTKEY);
 }
--- a/tests/pkd/pkd_keyutil.h
+++ b/tests/pkd/pkd_keyutil.h
@@ -32,12 +32,14 @@ void cleanup_ecdsa_keys(void);
 #define OPENSSH_CA_TESTKEY        "libssh_testkey.ca"

 #define DROPBEAR_RSA_TESTKEY      "dropbear_testkey.id_rsa"
+#define DROPBEAR_ECDSA256_TESTKEY "dropbear_testkey.id_ecdsa256"
+#define DROPBEAR_ED25519_TESTKEY  "dropbear_testkey.id_ed25519"

 void setup_openssh_client_keys(void);
 void cleanup_openssh_client_keys(void);

-void setup_dropbear_client_rsa_key(void);
-void cleanup_dropbear_client_rsa_key(void);
+void setup_dropbear_client_keys(void);
+void cleanup_dropbear_client_keys(void);

 #define cleanup_file(name) do {\
    if (access((name), F_OK) != -1) {\
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -283,9 +283,9 @@ static void torture_options_get_key_exchange(void **state)
    } else {
 #ifdef HAVE_MLKEM
        assert_string_equal(value,
-                            "curve25519-sha256,curve25519-sha256@libssh.org,"
-                            "sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,"
                            "mlkem768x25519-sha256,"
+                            "sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,"
+                            "curve25519-sha256,curve25519-sha256@libssh.org,"
                            "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
                            "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
                            "diffie-hellman-group16-sha512,"
@@ -293,9 +293,9 @@ static void torture_options_get_key_exchange(void **state)
                            "diffie-hellman-group14-sha256");
 #else
        assert_string_equal(value,
-                            "curve25519-sha256,curve25519-sha256@libssh.org,"
                            "sntrup761x25519-sha512,"
                            "sntrup761x25519-sha512@openssh.com,"
+                            "curve25519-sha256,curve25519-sha256@libssh.org,"
                            "ecdh-sha2-nistp256,ecdh-sha2-nistp384,"
                            "ecdh-sha2-nistp521,diffie-hellman-group18-sha512,"
                            "diffie-hellman-group16-sha512,"
Author	SHA1	Message	Date
Jakub Jelen	63fbf00efe	pki: Use constant for minimal RSA key size in FIPS Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	ae33ced0dc	coverage: Ignore parse errors again Without this, the gcov is crashing with some suspicious coverage reports on functions like `uint32_divmod_uint14()` from internal sntrup implementation. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	ee6e2c69e1	Bump minimal RSA key size to 1024 Fixes: #326 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	cefc4f8c97	pkd: Run tests with ecdsa and ed25519 keys with dropbear Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	b64e7f67d3	pkd: Run ed25519 tests with dropbear Resolves: #336 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:25:25 +01:00
Jakub Jelen	491cd81a32	kex: Place PQC KEX methods first The ML-KEMx25519 is now preferred algorithm in OpenSSH so follow the suit Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:24:47 +01:00
Jakub Jelen	3444f4c449	Remove references to (unused) pre-release ssh messages SSH2_MSG_ECMQV_* Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>	2025-11-06 16:24:47 +01:00