tests/pkd: connect to openssh using certificates
Signed-off-by: Ben Toews <mastahyeti@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
родитель
4a01496810
Коммит
08b3301e4f
@ -16,11 +16,11 @@
|
||||
#define OPENSSH_KEYGEN "ssh-keygen"
|
||||
|
||||
#define OPENSSH_HOSTKEY_ALGOS_DEFAULT "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa"
|
||||
#define OPENSSH_PKACCEPTED_DEFAULT "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa"
|
||||
#define OPENSSH_PKACCEPTED_DEFAULT "ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com"
|
||||
|
||||
#if HAVE_ECC
|
||||
#define OPENSSH_HOSTKEY_ALGOS_ECDSA ",ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"
|
||||
#define OPENSSH_PKACCEPTED_ECDSA ",ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"
|
||||
#define OPENSSH_PKACCEPTED_ECDSA ",ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com"
|
||||
#else /* HAVE_ECC */
|
||||
#define OPENSSH_HOSTKEY_ALGOS_ECDSA ""
|
||||
#define OPENSSH_PKACCEPTED_ECDSA ""
|
||||
@ -28,7 +28,7 @@
|
||||
|
||||
#if HAVE_DSA
|
||||
#define OPENSSH_HOSTKEY_ALGOS_DSA ",ssh-dss"
|
||||
#define OPENSSH_PKACCEPTED_DSA ",ssh-dss"
|
||||
#define OPENSSH_PKACCEPTED_DSA ",ssh-dss,ssh-dss-cert-v01@openssh.com"
|
||||
#else /* HAVE_DSA */
|
||||
#define OPENSSH_HOSTKEY_ALGOS_DSA ""
|
||||
#define OPENSSH_PKACCEPTED_DSA ""
|
||||
@ -75,6 +75,8 @@
|
||||
#define OPENSSH_HOSTKEY_CMD(hostkeyalgo) \
|
||||
OPENSSH_CMD_START("-o HostKeyAlgorithms=" hostkeyalgo " ") OPENSSH_CMD_END
|
||||
|
||||
#define OPENSSH_CERT_CMD \
|
||||
OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o CertificateFile=" CLIENT_ID_FILE "-cert.pub " OPENSSH_CMD_END
|
||||
|
||||
/* Dropbear */
|
||||
|
||||
|
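Review bot: OPENSSH_CERT_CMD only layers `-o CertificateFile=` CLIENT_ID_FILE `-cert.pub` on top of the existing client options, so if the server rejects the certificate the OpenSSH client will presumably fall back to the plain public key of the same identity and the `openssh_cert_*` tests would still pass without ever exercising certificate authentication. Unless OPENSSH_CMD_START/OPENSSH_CMD_END already pin the accepted types (not visible here), restricting the client to certificate algorithms, e.g. appending `"-o PubkeyAcceptedKeyTypes=*-cert-v01@openssh.com "` inside OPENSSH_CERT_CMD, would make a broken cert path fail loudly (newer OpenSSH spells the option `PubkeyAcceptedAlgorithms`, so this may need a version check). For RSA that would then rely on `ssh-rsa-cert-v01@openssh.com`, the SHA-1 variant that recent OpenSSH clients disable by default, and the OPENSSH_PKACCEPTED_DEFAULT list in the earlier hunk carries no `rsa-sha2-256-cert-v01@openssh.com` / `rsa-sha2-512-cert-v01@openssh.com` entries, so the RSA certificate test may start failing on those clients. A short comment on the macro, `/* Authenticate with CLIENT_ID_FILE-cert.pub, signed by OPENSSH_CA_TESTKEY in setup_openssh_client_keys(). */`, would also help readers of the test table.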
@ -603,6 +603,7 @@ static void torture_pkd_runtest(const char *testname,
|
||||
#ifdef HAVE_DSA
|
||||
#define CLIENT_ID_FILE OPENSSH_DSA_TESTKEY
|
||||
PKDTESTS_DEFAULT(emit_keytest, openssh_dsa, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_keytest, openssh_cert_dsa, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_dsa, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_keytest, openssh_dsa, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_dsa, OPENSSH_KEX_CMD)
|
||||
@ -615,6 +616,7 @@ PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_dsa, OPENSSH_MAC_CMD)
|
||||
|
||||
#define CLIENT_ID_FILE OPENSSH_RSA_TESTKEY
|
||||
PKDTESTS_DEFAULT(emit_keytest, openssh_rsa, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_keytest, openssh_cert_rsa, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_keytest, openssh_rsa, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_KEX_CMD)
|
||||
@ -627,6 +629,7 @@ PKDTESTS_HOSTKEY_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_HOSTKEY_CMD)
|
||||
|
||||
#define CLIENT_ID_FILE OPENSSH_ECDSA256_TESTKEY
|
||||
PKDTESTS_DEFAULT(emit_keytest, openssh_e256, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_keytest, openssh_cert_e256, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_keytest, openssh_e256, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_KEX_CMD)
|
||||
@ -642,6 +645,7 @@ PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_MAC_CMD)
|
||||
|
||||
#define CLIENT_ID_FILE OPENSSH_ED25519_TESTKEY
|
||||
PKDTESTS_DEFAULT(emit_keytest, openssh_ed, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_keytest, openssh_cert_ed, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_keytest, openssh_ed, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_KEX_CMD)
|
||||
@ -682,6 +686,7 @@ struct {
|
||||
/* OpenSSH */
|
||||
#ifdef HAVE_DSA
|
||||
PKDTESTS_DEFAULT(emit_testmap, openssh_dsa, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_testmap, openssh_cert_dsa, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_dsa, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_testmap, openssh_dsa, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_dsa, OPENSSH_KEX_CMD)
|
||||
@ -692,6 +697,7 @@ struct {
|
||||
#endif
|
||||
|
||||
PKDTESTS_DEFAULT(emit_testmap, openssh_rsa, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_testmap, openssh_cert_rsa, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_testmap, openssh_rsa, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_KEX_CMD)
|
||||
@ -702,6 +708,7 @@ struct {
|
||||
PKDTESTS_HOSTKEY_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_HOSTKEY_CMD)
|
||||
|
||||
PKDTESTS_DEFAULT(emit_testmap, openssh_e256, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_testmap, openssh_cert_e256, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_testmap, openssh_e256, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_KEX_CMD)
|
||||
@ -711,6 +718,7 @@ struct {
|
||||
PKDTESTS_MAC_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_MAC_CMD)
|
||||
|
||||
PKDTESTS_DEFAULT(emit_testmap, openssh_ed, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_testmap, openssh_cert_ed, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_testmap, openssh_ed, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_KEX_CMD)
|
||||
@ -742,6 +750,7 @@ static int pkd_run_tests(void) {
|
||||
const struct CMUnitTest openssh_tests[] = {
|
||||
#ifdef HAVE_DSA
|
||||
PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_dsa, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_dsa, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_dsa, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_unit_test_comma, openssh_dsa, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_CIPHER(emit_unit_test_comma, openssh_dsa, OPENSSH_CIPHER_CMD)
|
||||
@ -751,6 +760,7 @@ static int pkd_run_tests(void) {
|
||||
#endif
|
||||
|
||||
PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_rsa, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_rsa, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_rsa, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_unit_test_comma, openssh_rsa, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_CIPHER(emit_unit_test_comma, openssh_rsa, OPENSSH_CIPHER_CMD)
|
||||
@ -759,6 +769,7 @@ static int pkd_run_tests(void) {
|
||||
PKDTESTS_MAC_OPENSSHONLY(emit_unit_test_comma, openssh_rsa, OPENSSH_MAC_CMD)
|
||||
|
||||
PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_e256, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_e256, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_e256, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_unit_test_comma, openssh_e256, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_CIPHER(emit_unit_test_comma, openssh_e256, OPENSSH_CIPHER_CMD)
|
||||
@ -767,6 +778,7 @@ static int pkd_run_tests(void) {
|
||||
PKDTESTS_MAC_OPENSSHONLY(emit_unit_test_comma, openssh_e256, OPENSSH_MAC_CMD)
|
||||
|
||||
PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_ed, OPENSSH_CMD)
|
||||
PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_ed, OPENSSH_CERT_CMD)
|
||||
PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_ed, OPENSSH_CMD)
|
||||
PKDTESTS_KEX(emit_unit_test_comma, openssh_ed, OPENSSH_KEX_CMD)
|
||||
PKDTESTS_CIPHER(emit_unit_test_comma, openssh_ed, OPENSSH_CIPHER_CMD)
|
||||
|
@ -67,40 +67,47 @@ void setup_ecdsa_keys() {
|
||||
}
|
||||
}
|
||||
|
||||
static void cleanup_key(const char *privkey, const char *pubkey) {
|
||||
unlink(privkey);
|
||||
unlink(pubkey);
|
||||
}
|
||||
|
||||
void cleanup_rsa_key() {
|
||||
cleanup_key(LIBSSH_RSA_TESTKEY, LIBSSH_RSA_TESTKEY ".pub");
|
||||
cleanup_key(LIBSSH_RSA_TESTKEY);
|
||||
}
|
||||
|
||||
void cleanup_ed25519_key() {
|
||||
cleanup_key(LIBSSH_ED25519_TESTKEY, LIBSSH_ED25519_TESTKEY ".pub");
|
||||
cleanup_key(LIBSSH_ED25519_TESTKEY);
|
||||
}
|
||||
|
||||
#ifdef HAVE_DSA
|
||||
void cleanup_dsa_key() {
|
||||
cleanup_key(LIBSSH_DSA_TESTKEY, LIBSSH_DSA_TESTKEY ".pub");
|
||||
cleanup_key(LIBSSH_DSA_TESTKEY);
|
||||
}
|
||||
#endif
|
||||
|
||||
void cleanup_ecdsa_keys() {
|
||||
cleanup_key(LIBSSH_ECDSA_256_TESTKEY, LIBSSH_ECDSA_256_TESTKEY ".pub");
|
||||
cleanup_key(LIBSSH_ECDSA_384_TESTKEY, LIBSSH_ECDSA_384_TESTKEY ".pub");
|
||||
cleanup_key(LIBSSH_ECDSA_521_TESTKEY, LIBSSH_ECDSA_521_TESTKEY ".pub");
|
||||
cleanup_key(LIBSSH_ECDSA_256_TESTKEY);
|
||||
cleanup_key(LIBSSH_ECDSA_384_TESTKEY);
|
||||
cleanup_key(LIBSSH_ECDSA_521_TESTKEY);
|
||||
}
|
||||
|
||||
void setup_openssh_client_keys() {
|
||||
int rc = 0;
|
||||
|
||||
if (access(OPENSSH_CA_TESTKEY, F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -t rsa -q -N \"\" -f "
|
||||
OPENSSH_CA_TESTKEY);
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
#ifdef HAVE_DSA
|
||||
if (access(OPENSSH_DSA_TESTKEY, F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f "
|
||||
OPENSSH_DSA_TESTKEY);
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_DSA_TESTKEY "-cert.pub", F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY
|
||||
" " OPENSSH_DSA_TESTKEY ".pub 2>/dev/null");
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
#endif
|
||||
|
||||
if (access(OPENSSH_RSA_TESTKEY, F_OK) != 0) {
|
||||
@ -109,40 +116,71 @@ void setup_openssh_client_keys() {
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_RSA_TESTKEY "-cert.pub", F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY " "
|
||||
OPENSSH_RSA_TESTKEY ".pub 2>/dev/null");
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_ECDSA256_TESTKEY, F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -t ecdsa -b 256 -q -N \"\" -f "
|
||||
OPENSSH_ECDSA256_TESTKEY);
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_ECDSA256_TESTKEY "-cert.pub", F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY " "
|
||||
OPENSSH_ECDSA256_TESTKEY ".pub 2>/dev/null");
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_ECDSA384_TESTKEY, F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -t ecdsa -b 384 -q -N \"\" -f "
|
||||
OPENSSH_ECDSA384_TESTKEY);
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_ECDSA384_TESTKEY "-cert.pub", F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY " "
|
||||
OPENSSH_ECDSA384_TESTKEY ".pub 2>/dev/null");
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_ECDSA521_TESTKEY, F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -t ecdsa -b 521 -q -N \"\" -f "
|
||||
OPENSSH_ECDSA521_TESTKEY);
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_ECDSA521_TESTKEY "-cert.pub", F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY " "
|
||||
OPENSSH_ECDSA521_TESTKEY ".pub 2>/dev/null");
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_ED25519_TESTKEY, F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -t ed25519 -q -N \"\" -f "
|
||||
OPENSSH_ED25519_TESTKEY);
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
|
||||
if (access(OPENSSH_ED25519_TESTKEY "-cert.pub", F_OK) != 0) {
|
||||
rc = system_checked(OPENSSH_KEYGEN " -I ident -s " OPENSSH_CA_TESTKEY " "
|
||||
OPENSSH_ED25519_TESTKEY ".pub 2>/dev/null");
|
||||
}
|
||||
assert_int_equal(rc, 0);
|
||||
}
|
||||
|
||||
void cleanup_openssh_client_keys() {
|
||||
cleanup_key(OPENSSH_CA_TESTKEY);
|
||||
#ifdef HAVE_DSA
|
||||
cleanup_key(OPENSSH_DSA_TESTKEY, OPENSSH_DSA_TESTKEY ".pub");
|
||||
cleanup_key(OPENSSH_DSA_TESTKEY);
|
||||
#endif
|
||||
cleanup_key(OPENSSH_RSA_TESTKEY, OPENSSH_RSA_TESTKEY ".pub");
|
||||
cleanup_key(OPENSSH_ECDSA256_TESTKEY, OPENSSH_ECDSA256_TESTKEY ".pub");
|
||||
cleanup_key(OPENSSH_ECDSA384_TESTKEY, OPENSSH_ECDSA384_TESTKEY ".pub");
|
||||
cleanup_key(OPENSSH_ECDSA521_TESTKEY, OPENSSH_ECDSA521_TESTKEY ".pub");
|
||||
cleanup_key(OPENSSH_ED25519_TESTKEY, OPENSSH_ED25519_TESTKEY ".pub");
|
||||
cleanup_key(OPENSSH_RSA_TESTKEY);
|
||||
cleanup_key(OPENSSH_ECDSA256_TESTKEY);
|
||||
cleanup_key(OPENSSH_ECDSA384_TESTKEY);
|
||||
cleanup_key(OPENSSH_ECDSA521_TESTKEY);
|
||||
cleanup_key(OPENSSH_ED25519_TESTKEY);
|
||||
}
|
||||
|
||||
void setup_dropbear_client_rsa_key() {
|
||||
|
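Review bot: The `if (access(OPENSSH_RSA_TESTKEY "-cert.pub", F_OK) != 0)` guard, and the matching ECDSA and ED25519 ones, only check that a certificate file exists, not that it was signed by the current CA, so a certificate left behind by an interrupted run together with a freshly generated `libssh_testkey.ca` would be reused and then fail inside the test rather than at setup. Since signing is cheap, simply dropping the `if` around each `ssh-keygen -I ident -s` call (ssh-keygen overwrites the `-cert.pub`), or unlinking the `-cert.pub` files whenever the CA key had to be generated, removes that stale state. The `2>/dev/null` on every signing command also discards ssh-keygen's diagnostics, so a signing failure surfaces only as `assert_int_equal(rc, 0)` with no reason; consider keeping stderr for the `-s` invocations. The certificates are issued with no principals (`-n`) and no validity window (`-V`), which is fine for a connectivity test but deserves a comment such as `/* Unrestricted cert: no principals or validity window, so the server only has to verify the CA signature. */`. setup_openssh_client_keys() begins before this hunk.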
@ -41,6 +41,7 @@ void cleanup_ecdsa_keys(void);
|
||||
#define OPENSSH_ECDSA384_TESTKEY "openssh_testkey.id_ecdsa384"
|
||||
#define OPENSSH_ECDSA521_TESTKEY "openssh_testkey.id_ecdsa521"
|
||||
#define OPENSSH_ED25519_TESTKEY "openssh_testkey.id_ed25519"
|
||||
#define OPENSSH_CA_TESTKEY "libssh_testkey.ca"
|
||||
|
||||
#define DROPBEAR_RSA_TESTKEY "dropbear_testkey.id_rsa"
|
||||
|
||||
@ -50,4 +51,15 @@ void cleanup_openssh_client_keys(void);
|
||||
void setup_dropbear_client_rsa_key(void);
|
||||
void cleanup_dropbear_client_rsa_key(void);
|
||||
|
||||
#define cleanup_file(name) do {\
|
||||
if (access((name), F_OK) != -1) {\
|
||||
unlink((name));\
|
||||
}} while (0)
|
||||
|
||||
#define cleanup_key(name) do {\
|
||||
cleanup_file((name));\
|
||||
cleanup_file((name ".pub"));\
|
||||
cleanup_file((name "-cert.pub"));\
|
||||
} while (0)
|
||||
|
||||
#endif /* __PKD_KEYUTIL_H__ */
|
||||
|
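Review bot: The new `cleanup_key(name)` macro only works when `name` is a string literal, because `cleanup_file((name ".pub"))` relies on adjacent-literal concatenation; passing a `const char *` fails to compile with an unhelpful error, which is a trap given that the function it replaces took pointer arguments. A one-line comment above it, `/* name must be a string literal: the suffixes are joined by literal concatenation so the private key, .pub and -cert.pub are all removed. */`, would make that explicit. The `access((name), F_OK)` test in `cleanup_file` is redundant, since `unlink` on a missing file just returns -1/ENOENT which is ignored anyway, so `#define cleanup_file(name) do { (void)unlink((name)); } while (0)` does the same with one syscall and no check-then-act gap. Separately, the CA key is named `libssh_testkey.ca` while every other OpenSSH client key in this header uses the `openssh_testkey.` prefix; `openssh_testkey.ca` would keep the naming consistent.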