shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-04 12:20:42 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
64ef3fefb4d1ab61ba9dadf69eccb631142016c2
libssh/tests/CMakeLists.txt
Jakub Jelen 64ef3fefb4 Rework the coverage build 
This reworks it to avoid a need to special build type and adding the flags only
to the targets that need it (skipping testing wrappers which break with them).

It also updates the CodeCoverage module from the following URL:

https://github.com/bilke/cmake-modules/blob/master/CodeCoverage.cmake

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2024-03-08 13:34:23 +01:00

367 lines
17 KiB
CMake
Raw Blame History

project(libssh-tests C)
if (BSD OR SOLARIS OR OSX)
find_package(Argp)
endif (BSD OR SOLARIS OR OSX)
set(TORTURE_LIBRARY torture)
include_directories(${CMOCKA_INCLUDE_DIR}
${libssh_BINARY_DIR}/include
${libssh_BINARY_DIR}
${libssh_SOURCE_DIR}/src
${CMAKE_SOURCE_DIR}/include
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_BINARY_DIR}/tests)
set(TORTURE_LINK_LIBRARIES
${CMOCKA_LIBRARY}
ssh::static)
# create test library
add_library(${TORTURE_LIBRARY}
STATIC
cmdline.c
torture.c
torture_key.c
torture_pki.c
torture_cmocka.c)
target_link_libraries(${TORTURE_LIBRARY} PRIVATE ${TORTURE_LINK_LIBRARIES})
target_compile_options(${TORTURE_LIBRARY} PRIVATE
-DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
)
if (WITH_COVERAGE)
append_coverage_compiler_flags_to_target(${TORTURE_LIBRARY})
endif (WITH_COVERAGE)
# The shared version of the library is only useful when client testing is
# enabled
if (CLIENT_TESTING)
# create shared test library
set(TORTURE_SHARED_LIBRARY torture_shared)
# Create a list of symbols that should be wrapped for override test
set(WRAP_SYMBOLS "")
list(APPEND WRAP_SYMBOLS
"-Wl,--wrap=chacha_keysetup"
"-Wl,--wrap=chacha_ivsetup"
"-Wl,--wrap=chacha_encrypt_bytes")
list(APPEND WRAP_SYMBOLS "-Wl,--wrap=poly1305_auth")
list(APPEND WRAP_SYMBOLS
"-Wl,--wrap=crypto_sign_ed25519_keypair"
"-Wl,--wrap=crypto_sign_ed25519"
"-Wl,--wrap=crypto_sign_ed25519_open")
list(APPEND WRAP_SYMBOLS
"-Wl,--wrap=crypto_scalarmult_base"
"-Wl,--wrap=crypto_scalarmult")
add_library(${TORTURE_SHARED_LIBRARY}
SHARED
cmdline.c
torture.c
torture_key.c
torture_pki.c
torture_cmocka.c
)
target_link_libraries(${TORTURE_SHARED_LIBRARY} PUBLIC
${CMOCKA_LIBRARY}
ssh::static
${WRAP_SYMBOLS}
)
target_compile_options(${TORTURE_SHARED_LIBRARY} PRIVATE
-DSSH_PING_EXECUTABLE="${CMAKE_CURRENT_BINARY_DIR}/ssh_ping"
-DTORTURE_SHARED
)
if (WITH_COVERAGE)
append_coverage_compiler_flags_to_target(${TORTURE_SHARED_LIBRARY})
endif (WITH_COVERAGE)
endif ()
if (ARGP_LIBRARIES)
target_link_libraries(${TORTURE_LIBRARY}
PUBLIC ${ARGP_LIBRARIES}
)
endif()
set(TEST_TARGET_LIBRARIES
${TORTURE_LIBRARY}
${TORTURE_LINK_LIBRARIES}
)
add_subdirectory(unittests)
# OpenSSH Capabilities are required for all unit tests
find_program(SSH_EXECUTABLE NAMES ssh)
if (SSH_EXECUTABLE)
execute_process(COMMAND ${SSH_EXECUTABLE} -V ERROR_VARIABLE OPENSSH_VERSION_STR)
string(REGEX REPLACE "^.*OpenSSH_([0-9]).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
string(REGEX REPLACE "^.*OpenSSH_[0-9].([0-9]).*$" "\\1" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
set(OPENSSH_VERSION "${OPENSSH_VERSION_MAJOR}.${OPENSSH_VERSION_MINOR}")
if("${OPENSSH_VERSION}" VERSION_LESS "6.3")
# ssh - Q was introduced in 6.3
message("Version less than 6.3, hardcoding cipher list")
set(OPENSSH_CIPHERS "aes128-ctr\naes192-ctr\naes256-ctr\narcfour256\narcfour128\naes128-gcm@openssh.com\naes256-gcm@openssh.com\naes128-cbc\n3des-cbc\nblowfish-cbc\ncast128-cbc\naes192-cbc\naes256-cbc\narcfour\nrijndael-cbc@lysator.liu.se\n")
set(OPENSSH_MACS "hmac-md5-etm@openssh.com\nhmac-sha1-etm@openssh.com\numac-64-etm@openssh.com\numac-128-etm@openssh.com\nhmac-sha2-256-etm@openssh.com\nhmac-sha2-512-etm@openssh.com\nhmac-ripemd160-etm@openssh.com\nhmac-sha1-96-etm@openssh.com\nhmac-md5-96-etm@openssh.com\nhmac-md5\nhmac-sha1\numac-64@openssh.com\numac-128@openssh.com\nhmac-sha2-256\nhmac-sha2-512\nhmac-ripemd160\nhmac-ripemd160@openssh.com\nhmac-sha1-96\nhmac-md5-96\n")
set(OPENSSH_KEX "ecdh-sha2-nistp256\necdh-sha2-nistp384\necdh-sha2-nistp521\ndiffie-hellman-group-exchange-sha256\ndiffie-hellman-group-exchange-sha1\ndiffie-hellman-group14-sha1\ndiffie-hellman-group1-sha1\n")
set(OPENSSH_KEYS "ssh-rsa\necdsa-sha2-nistp256\n")
else()
execute_process(COMMAND ${SSH_EXECUTABLE} -Q cipher OUTPUT_VARIABLE OPENSSH_CIPHERS)
execute_process(COMMAND ${SSH_EXECUTABLE} -Q mac OUTPUT_VARIABLE OPENSSH_MACS)
execute_process(COMMAND ${SSH_EXECUTABLE} -Q kex OUTPUT_VARIABLE OPENSSH_KEX)
execute_process(COMMAND ${SSH_EXECUTABLE} -Q key OUTPUT_VARIABLE OPENSSH_KEYS)
execute_process(COMMAND ${SSH_EXECUTABLE} -Q sig OUTPUT_VARIABLE OPENSSH_SIGS ERROR_QUIET)
# We need both of them, but lets get rid of duplicate items presented in both lists
# to avoid processing too long arguments in pkd
set(OPENSSH_KEYS "${OPENSSH_KEYS}${OPENSSH_SIGS}")
string(REPLACE "\n" ";" OPENSSH_KEYS "${OPENSSH_KEYS}")
list(REMOVE_DUPLICATES OPENSSH_KEYS)
string(REPLACE ";" "\n" OPENSSH_KEYS "${OPENSSH_KEYS}")
endif()
set(SSH_ALGORITHMS
3des-cbc aes128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr
aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com
hmac-sha1 hmac-sha1-96 hmac-sha2-256 hmac-sha2-512 hmac-md5 hmac-md5-96 umac-64@openssh.com
umac-128@openssh.com hmac-sha1-etm@openssh.com hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com umac-64-etm@openssh.com umac-128-etm@openssh.com
diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256
diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521
curve25519-sha256 curve25519-sha256@libssh.org
ssh-ed25519 ssh-ed25519-cert-v01@openssh.com ssh-rsa
ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
)
foreach(ALGORITHM ${SSH_ALGORITHMS})
string(TOUPPER ${ALGORITHM} VARNAME)
string(REGEX REPLACE "[-@.]" "_" VARNAME "OPENSSH_${VARNAME}")
# Match the current algorithm into the complete list of OpenSSH supported algorithms.
# If matching, create an OPENSSH_CIPHER_NAME variable.
string(REGEX MATCH ".*${ALGORITHM}\n" "${VARNAME}" "${OPENSSH_CIPHERS}${OPENSSH_MACS}${OPENSSH_KEX}${OPENSSH_KEYS}")
endforeach(ALGORITHM)
string(STRIP "${OPENSSH_CIPHERS}" OPENSSH_CIPHERS)
string(STRIP "${OPENSSH_MACS}" OPENSSH_MACS)
string(STRIP "${OPENSSH_KEX}" OPENSSH_KEX)
string(STRIP "${OPENSSH_KEYS}" OPENSSH_KEYS)
string(REPLACE "\n" "," OPENSSH_CIPHERS "${OPENSSH_CIPHERS}")
string(REPLACE "\n" "," OPENSSH_MACS "${OPENSSH_MACS}")
string(REPLACE "\n" "," OPENSSH_KEX "${OPENSSH_KEX}")
string(REPLACE "\n" "," OPENSSH_KEYS "${OPENSSH_KEYS}")
endif()
find_program(SSHD_EXECUTABLE
NAME
sshd
PATHS
/sbin
/usr/sbin
/usr/local/sbin)
if (CLIENT_TESTING OR SERVER_TESTING)
find_package(socket_wrapper 1.1.5 REQUIRED)
find_package(nss_wrapper 1.1.2 REQUIRED)
find_package(uid_wrapper 1.2.0 REQUIRED)
find_package(pam_wrapper 1.0.1 REQUIRED)
find_package(priv_wrapper 1.0.0)
if (NOT SSHD_EXECUTABLE)
message(SEND_ERROR "Could not find sshd which is required for client testing")
endif()
find_program(NCAT_EXECUTABLE
NAME
ncat
PATHS
/bin
/usr/bin
/usr/local/bin)
if (WITH_PKCS11_URI)
find_package(softhsm)
if (NOT SOFTHSM_FOUND)
message(SEND_ERROR "Could not find softhsm module!")
endif (NOT SOFTHSM_FOUND)
if (WITH_PKCS11_PROVIDER)
find_package(PkgConfig)
if (PKG_CONFIG_FOUND)
pkg_check_modules(P11_KIT p11-kit-1)
if (P11_KIT_FOUND)
pkg_get_variable(P11_MODULE_PATH p11-kit-1 p11_module_path)
set(P11_KIT_CLIENT ${P11_MODULE_PATH}/p11-kit-client.so)
endif (P11_KIT_FOUND)
endif (PKG_CONFIG_FOUND)
endif (WITH_PKCS11_PROVIDER)
endif (WITH_PKCS11_URI)
find_program(SSH_EXECUTABLE NAMES ssh)
if (SSH_EXECUTABLE)
execute_process(COMMAND ${SSH_EXECUTABLE} -V ERROR_VARIABLE OPENSSH_VERSION_STR)
string(REGEX REPLACE "^.*OpenSSH_([0-9]).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
string(REGEX REPLACE "^.*OpenSSH_[0-9].([0-9]).*$" "\\1" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
add_definitions(-DOPENSSH_VERSION_MAJOR=${OPENSSH_VERSION_MAJOR} -DOPENSSH_VERSION_MINOR=${OPENSSH_VERSION_MINOR})
endif()
set(LOCAL_USER "nobody")
set(LOCAL_UID "65533")
find_program(ID_EXECUTABLE NAMES id)
find_program(WHO_EXECUTABLE NAMES whoami)
if (ID_EXECUTABLE AND WHO_EXECUTABLE)
execute_process(COMMAND ${WHO_EXECUTABLE} OUTPUT_VARIABLE LOCAL_USER OUTPUT_STRIP_TRAILING_WHITESPACE)
execute_process(COMMAND ${ID_EXECUTABLE} -u OUTPUT_VARIABLE LOCAL_UID OUTPUT_STRIP_TRAILING_WHITESPACE)
endif()
find_program(TIMEOUT_EXECUTABLE
NAME
timeout
PATHS
/bin
/usr/bin
/usr/local/bin)
if (TIMEOUT_EXECUTABLE)
set(WITH_TIMEOUT "1")
endif()
# For chroot() use priv_wrapper package if found, or internal chroot_wrapper
if (priv_wrapper_FOUND)
set(CHROOT_WRAPPER "${PRIV_WRAPPER_LIBRARY}")
else()
add_library(chroot_wrapper SHARED chroot_wrapper.c)
set(CHROOT_WRAPPER_LIBRARY ${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chroot_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX})
set(TEST_TARGET_LIBRARIES
${TEST_TARGET_LIBRARIES}
chroot_wrapper
)
set(CHROOT_WRAPPER "${CHROOT_WRAPPER_LIBRARY}")
endif()
# chown wrapper
add_library(chown_wrapper SHARED chown_wrapper.c)
set(CHOWN_WRAPPER_LIBRARY
${libssh_BINARY_DIR}/lib/${CMAKE_SHARED_LIBRARY_PREFIX}chown_wrapper${CMAKE_SHARED_LIBRARY_SUFFIX})
set(TEST_TARGET_LIBRARIES
${TEST_TARGET_LIBRARIES}
chown_wrapper
)
set(CHOWN_WRAPPER "${CHOWN_WRAPPER_LIBRARY}")
# ssh_ping
add_executable(ssh_ping ssh_ping.c)
target_compile_options(ssh_ping PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
target_link_libraries(ssh_ping ssh::static)
# homedir will be used in passwd
set(HOMEDIR ${CMAKE_CURRENT_BINARY_DIR}/home)
### Setup nss_wrapper
configure_file(etc/passwd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/passwd @ONLY)
configure_file(etc/shadow.in ${CMAKE_CURRENT_BINARY_DIR}/etc/shadow @ONLY)
configure_file(etc/group.in ${CMAKE_CURRENT_BINARY_DIR}/etc/group @ONLY)
configure_file(etc/hosts.in ${CMAKE_CURRENT_BINARY_DIR}/etc/hosts @ONLY)
### Setup pam_wrapper
configure_file(etc/pam_matrix_passdb.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam_matrix_passdb @ONLY)
configure_file(etc/pam.d/sshd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d/sshd @ONLY)
set(TORTURE_ENVIRONMENT
"LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}:${CHROOT_WRAPPER}:${CHOWN_WRAPPER}")
if (priv_wrapper_FOUND)
list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1)
list(APPEND TORTURE_ENVIRONMENT PRIV_WRAPPER_PRCTL_DISABLE="ALL" PRIV_WRAPPER_SETRLIMIT_DISABLE="ALL")
endif()
list(APPEND TORTURE_ENVIRONMENT UID_WRAPPER=1 UID_WRAPPER_ROOT=1)
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_PASSWD=${CMAKE_CURRENT_BINARY_DIR}/etc/passwd)
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_SHADOW=${CMAKE_CURRENT_BINARY_DIR}/etc/shadow)
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_GROUP=${CMAKE_CURRENT_BINARY_DIR}/etc/group)
list(APPEND TORTURE_ENVIRONMENT PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d)
list(APPEND TORTURE_ENVIRONMENT LSAN_OPTIONS=suppressions=${CMAKE_CURRENT_SOURCE_DIR}/suppressions/lsan.supp)
list(APPEND TORTURE_ENVIRONMENT OPENSSL_ENABLE_SHA1_SIGNATURES=1)
# Give bob some keys
file(COPY keys/id_rsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/id_rsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
# Same as id_rsa, protected with passphrase "secret"
file(COPY keys/id_rsa_protected DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/id_rsa_protected.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/id_ecdsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/id_ecdsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/id_ed25519 DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/id_ed25519.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
# Allow to auth with bob's public keys on alice account
configure_file(keys/id_rsa.pub ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys @ONLY)
# append ECDSA public key
file(READ keys/id_ecdsa.pub CONTENTS)
file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}")
# append ed25519 public key
file(READ keys/id_ed25519.pub CONTENTS)
file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}")
# Allow to auth with bob his public keys on charlie account
configure_file(keys/pkcs11/id_pkcs11_rsa_openssh.pub ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys @ONLY)
# append ECDSA public key
file(READ keys/pkcs11/id_pkcs11_ecdsa_256_openssh.pub CONTENTS)
file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys "${CONTENTS}")
file(READ keys/pkcs11/id_pkcs11_ecdsa_384_openssh.pub CONTENTS)
file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys "${CONTENTS}")
file(READ keys/pkcs11/id_pkcs11_ecdsa_521_openssh.pub CONTENTS)
file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys "${CONTENTS}")
# Copy the signed key to an doe's homedir.
file(COPY keys/certauth/id_rsa DESTINATION
${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/certauth/id_rsa.pub DESTINATION
${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
file(COPY keys/certauth/id_rsa-cert.pub DESTINATION
${CMAKE_CURRENT_BINARY_DIR}/home/doe/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
endif ()
if (WITH_PKCS11_URI)
#Copy the script to setup PKCS11 tokens
file(COPY pkcs11/setup-softhsm-tokens.sh DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/pkcs11 FILE_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE)
endif (WITH_PKCS11_URI)
message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}")
configure_file(tests_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/tests_config.h)
if (WITH_BENCHMARKS)
add_subdirectory(benchmarks)
endif ()
if (CLIENT_TESTING)
add_subdirectory(client)
# Only add override testing if testing the client
add_subdirectory(external_override)
endif ()
if (WITH_SERVER AND SERVER_TESTING)
add_subdirectory(pkd)
add_subdirectory(server)
endif ()
if (FUZZ_TESTING)
add_subdirectory(fuzz)
endif()
add_custom_target(test_memcheck
# FIXME: The threads_pki_rsa test is skipped under valgrind as it times out
# Passing suppression file is also stupid so lets go with override here:
# https://stackoverflow.com/a/56116311
COMMAND ${CMAKE_CTEST_COMMAND} -E torture_threads_pki_rsa -E pkd_hello_i1
--output-on-failure --force-new-ctest-process --test-action memcheck
--overwrite MemoryCheckSuppressionFile=${CMAKE_SOURCE_DIR}/tests/valgrind.supp
WORKING_DIRECTORY "${CMAKE_BINARY_DIR}")
Reference in New Issue View Git Blame Copy Permalink