From fffa66698f6cdc2046dc54b5f40ecc5446cdcbca Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Sat, 2 Feb 2019 16:49:05 +0100 Subject: [PATCH] Allow building without Group Exchange support Signed-off-by: Jakub Jelen Reviewed-by: Andreas Schneider --- .gitlab-ci.yml | 2 +- CMakeLists.txt | 1 + DefineOptions.cmake | 1 + config.h.cmake | 3 + include/libssh/crypto.h | 5 ++ src/CMakeLists.txt | 8 +- src/client.c | 4 + src/dh.c | 2 + src/kex.c | 15 ++++ src/wrapper.c | 4 + tests/client/torture_algorithms.c | 4 + tests/pkd/pkd_hello.c | 135 ++++++++++++++---------------- tests/unittests/CMakeLists.txt | 2 +- 13 files changed, 109 insertions(+), 77 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ae879f78..b2c5e546 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -54,7 +54,7 @@ fedora/openssl_1.1.x/x86_64/minimal: -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=OFF -DWITH_SERVER=OFF -DWITH_ZLIB=OFF -DWITH_PCAP=OFF - -DUNIT_TESTING=ON -DCLIENT_TESTING=ON .. && + -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DWITH_GEX=OFF .. && make -j$(nproc) && ctest --output-on-failure tags: - shared diff --git a/CMakeLists.txt b/CMakeLists.txt index d2d27712..d6f12d44 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -223,6 +223,7 @@ message(STATUS "libnacl support: ${WITH_NACL}") message(STATUS "SFTP support: ${WITH_SFTP}") message(STATUS "Server support : ${WITH_SERVER}") message(STATUS "GSSAPI support : ${WITH_GSSAPI}") +message(STATUS "GEX support : ${WITH_GEX}") message(STATUS "Pcap debugging support : ${WITH_PCAP}") message(STATUS "With static library: ${WITH_STATIC_LIB}") message(STATUS "Unit testing: ${UNIT_TESTING}") diff --git a/DefineOptions.cmake b/DefineOptions.cmake index ca7fe777..84ccd96d 100644 --- a/DefineOptions.cmake +++ b/DefineOptions.cmake 
@@ -19,6 +19,7 @@ option(WITH_EXAMPLES "Build examples" ON) option(WITH_NACL "Build with libnacl (curve25519)" ON) option(WITH_SYMBOL_VERSIONING "Build with symbol versioning" ON) option(WITH_ABI_BREAK "Allow ABI break" OFF) +option(WITH_GEX "Enable DH Group exchange mechanisms" ON) option(FUZZ_TESTING "Build with fuzzer for the server" OFF) option(PICKY_DEVELOPER "Build with picky developer flags" OFF) diff --git a/config.h.cmake b/config.h.cmake index db28affe..21216300 100644 --- a/config.h.cmake +++ b/config.h.cmake @@ -238,6 +238,9 @@ /* Define to 1 if you want to enable server support */ #cmakedefine WITH_SERVER 1 +/* Define to 1 if you want to enable DH group exchange algorithms */ +#cmakedefine WITH_GEX 1 + /* Define to 1 if you want to enable blowfish cipher support */ #cmakedefine WITH_BLOWFISH_CIPHER 1 diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h index 3ec0bc5a..4cd76ddb 100644 --- a/include/libssh/crypto.h +++ b/include/libssh/crypto.h @@ -58,9 +58,12 @@ enum ssh_key_exchange_e { SSH_KEX_DH_GROUP1_SHA1=1, /* diffie-hellman-group14-sha1 */ SSH_KEX_DH_GROUP14_SHA1, +#ifdef WITH_GEX /* diffie-hellman-group-exchange-sha1 */ SSH_KEX_DH_GEX_SHA1, + /* diffie-hellman-group-exchange-sha256 */ SSH_KEX_DH_GEX_SHA256, +#endif /* WITH_GEX */ /* ecdh-sha2-nistp256 */ SSH_KEX_ECDH_SHA2_NISTP256, /* ecdh-sha2-nistp384 */ @@ -98,7 +101,9 @@ struct ssh_crypto_struct { bignum e,f,x,k,y; bignum g, p; int dh_group_is_mutable; /* do free group parameters */ +#ifdef WITH_GEX size_t dh_pmin; int dh_pn; int dh_pmax; /* preferred group parameters */ +#endif /* WITH_GEX */ #ifdef HAVE_ECDH #ifdef HAVE_OPENSSL_ECC EC_KEY *ecdh_privkey; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ff3b3a47..3261d42c 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -126,7 +126,6 @@ set(libssh_SRCS connector.c curve25519.c dh.c - dh-gex.c ecdh.c error.c getpass.c 
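Review bot: Guarding `SSH_KEX_DH_GEX_SHA1` and `SSH_KEX_DH_GEX_SHA256` inside `enum ssh_key_exchange_e` makes the numeric value of every later enumerator depend on whether `WITH_GEX` was defined when the header was read, and the next hunk does the same to the layout of `struct ssh_crypto_struct`. `WITH_GEX` is emitted into config.h, so a source file that reaches crypto.h without config.h first would compile with different `kex_type` values and field offsets than the rest of the library, with no diagnostic. Consider leaving the enumerators and the `dh_pmin`/`dh_pn`/`dh_pmax` fields unconditional and guarding only the code that uses them. At minimum, document the dependency with `/* WITH_GEX is set in config.h, which must be included before this header */`. Both the enum and the struct extend beyond the hunks shown.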
@@ -243,6 +242,13 @@ if (WITH_SERVER) ) endif (WITH_SERVER) +if (WITH_GEX) + set(libssh_SRCS + ${libssh_SRCS} + dh-gex.c + ) +endif (WITH_GEX) + if (WITH_ZLIB) set(libssh_SRCS ${libssh_SRCS} diff --git a/src/client.c b/src/client.c index 64e81115..a36358fe 100644 --- a/src/client.c +++ b/src/client.c @@ -38,7 +38,9 @@ #include "libssh/socket.h" #include "libssh/session.h" #include "libssh/dh.h" +#ifdef WITH_GEX #include "libssh/dh-gex.h" +#endif /* WITH_GEX */ #include "libssh/ecdh.h" #include "libssh/threads.h" #include "libssh/misc.h" @@ -254,10 +256,12 @@ static int dh_handshake(ssh_session session) { case SSH_KEX_DH_GROUP18_SHA512: rc = ssh_client_dh_init(session); break; +#ifdef WITH_GEX case SSH_KEX_DH_GEX_SHA1: case SSH_KEX_DH_GEX_SHA256: rc = ssh_client_dhgex_init(session); break; +#endif /* WITH_GEX */ #ifdef HAVE_ECDH case SSH_KEX_ECDH_SHA2_NISTP256: case SSH_KEX_ECDH_SHA2_NISTP384: diff --git a/src/dh.c b/src/dh.c index c4867995..b6ae33c6 100644 --- a/src/dh.c +++ b/src/dh.c @@ -673,10 +673,12 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet) case SSH_KEX_DH_GROUP18_SHA512: packet_type = SSH2_MSG_KEXDH_REPLY; break; +#ifdef WITH_GEX case SSH_KEX_DH_GEX_SHA1: case SSH_KEX_DH_GEX_SHA256: packet_type = SSH2_MSG_KEX_DH_GEX_REPLY; break; +#endif /* WITH_GEX */ default: ssh_set_error(session, SSH_FATAL, "Invalid kex type"); goto error; diff --git a/src/kex.c b/src/kex.c index c5bb7e1d..463bbbff 100644 --- a/src/kex.c +++ b/src/kex.c @@ -31,7 +31,9 @@ #include "libssh/priv.h" #include "libssh/buffer.h" #include "libssh/dh.h" +#ifdef WITH_GEX #include "libssh/dh-gex.h" +#endif /* WITH_GEX */ #include "libssh/kex.h" #include "libssh/session.h" #include "libssh/ssh2.h" 
@@ -114,8 +116,13 @@ #define ECDH "" #endif +#ifdef WITH_GEX #define GEX_SHA256 "diffie-hellman-group-exchange-sha256," #define GEX_SHA1 "diffie-hellman-group-exchange-sha1," +#else +#define GEX_SHA256 +#define GEX_SHA1 +#endif /* WITH_GEX */ #define CHACHA20 "chacha20-poly1305@openssh.com," @@ -838,10 +845,12 @@ int ssh_kex_select_methods (ssh_session session){ session->next_crypto->kex_type=SSH_KEX_DH_GROUP16_SHA512; } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group18-sha512") == 0){ session->next_crypto->kex_type=SSH_KEX_DH_GROUP18_SHA512; +#ifdef WITH_GEX } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group-exchange-sha1") == 0){ session->next_crypto->kex_type=SSH_KEX_DH_GEX_SHA1; } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group-exchange-sha256") == 0){ session->next_crypto->kex_type=SSH_KEX_DH_GEX_SHA256; +#endif /* WITH_GEX */ } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp256") == 0){ session->next_crypto->kex_type=SSH_KEX_ECDH_SHA2_NISTP256; } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "ecdh-sha2-nistp384") == 0){ @@ -1096,6 +1105,7 @@ int ssh_make_sessionid(ssh_session session) goto error; } break; +#ifdef WITH_GEX case SSH_KEX_DH_GEX_SHA1: case SSH_KEX_DH_GEX_SHA256: rc = ssh_buffer_pack(buf, @@ -1111,6 +1121,7 @@ int ssh_make_sessionid(ssh_session session) goto error; } break; +#endif /* WITH_GEX */ #ifdef HAVE_ECDH case SSH_KEX_ECDH_SHA2_NISTP256: case SSH_KEX_ECDH_SHA2_NISTP384: @@ -1157,7 +1168,9 @@ int ssh_make_sessionid(ssh_session session) switch (session->next_crypto->kex_type) { case SSH_KEX_DH_GROUP1_SHA1: case SSH_KEX_DH_GROUP14_SHA1: +#ifdef WITH_GEX case SSH_KEX_DH_GEX_SHA1: +#endif /* WITH_GEX */ session->next_crypto->digest_len = SHA_DIGEST_LENGTH; session->next_crypto->mac_type = SSH_MAC_SHA1; session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len); 
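Review bot: The empty `#define GEX_SHA256` and `#define GEX_SHA1` in the `#else` branch are only valid where the macro sits next to another string literal. The uses are outside this hunk, so that is assumed here rather than visible. Because the non-empty definitions carry their own trailing comma, the lists stay well-formed only while something always follows the macro. A comment on the `#else` branch would record the constraint, for example `/* expand to nothing: GEX is omitted from the concatenated KEX lists; never use as the only or last literal */`.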
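Review bot: The two GEX arms are compiled out of the middle of the `strcmp` chain in `ssh_kex_select_methods`, and the end of that chain is outside the hunk, so it is not visible whether a method name that matches no arm is rejected. If there is no final `else`, an unmatched name would leave `session->next_crypto->kex_type` at whatever value it held before, and the later `switch` statements in `ssh_make_sessionid` would act on that value. A closing `else` that calls `ssh_set_error(session, SSH_FATAL, ...)` and returns an error would make a build without GEX fail closed if a group-exchange name ever reached this function.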
@@ -1171,7 +1184,9 @@ int ssh_make_sessionid(ssh_session session) case SSH_KEX_ECDH_SHA2_NISTP256: case SSH_KEX_CURVE25519_SHA256: case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG: +#ifdef WITH_GEX case SSH_KEX_DH_GEX_SHA256: +#endif /* WITH_GEX */ session->next_crypto->digest_len = SHA256_DIGEST_LENGTH; session->next_crypto->mac_type = SSH_MAC_SHA256; session->next_crypto->secret_hash = malloc(session->next_crypto->digest_len); diff --git a/src/wrapper.c b/src/wrapper.c index 46ab22c5..79603455 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -49,7 +49,9 @@ #include "libssh/pki.h" #include "libssh/poly1305.h" #include "libssh/dh.h" +#ifdef WITH_GEX #include "libssh/dh-gex.h" +#endif /* WITH_GEX */ #include "libssh/ecdh.h" #include "libssh/curve25519.h" @@ -539,10 +541,12 @@ int crypt_set_algorithms_server(ssh_session session){ case SSH_KEX_DH_GROUP18_SHA512: ssh_server_dh_init(session); break; +#ifdef WITH_GEX case SSH_KEX_DH_GEX_SHA1: case SSH_KEX_DH_GEX_SHA256: ssh_server_dhgex_init(session); break; +#endif /* WITH_GEX */ #ifdef HAVE_ECDH case SSH_KEX_ECDH_SHA2_NISTP256: case SSH_KEX_ECDH_SHA2_NISTP384: diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c index 097e3c3c..aa1bf524 100644 --- a/tests/client/torture_algorithms.c +++ b/tests/client/torture_algorithms.c @@ -438,6 +438,7 @@ static void torture_algorithms_dh_group18(void **state) { test_algorithm(s->ssh.session, "diffie-hellman-group18-sha512", NULL/*cipher*/, NULL/*hmac*/); } +#ifdef WITH_GEX static void torture_algorithms_dh_gex_sha1(void **state) { struct torture_state *s = *state; @@ -457,6 +458,7 @@ static void torture_algorithms_dh_gex_sha256(void **state) NULL, /* cipher */ NULL); /* hmac */ } +#endif /* WITH_GEX */ int torture_run_tests(void) { int rc; 
@@ -564,12 +566,14 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_algorithms_dh_group18, session_setup, session_teardown), +#ifdef WITH_GEX cmocka_unit_test_setup_teardown(torture_algorithms_dh_gex_sha1, session_setup, session_teardown), cmocka_unit_test_setup_teardown(torture_algorithms_dh_gex_sha256, session_setup, session_teardown), +#endif /* WITH_GEX */ #if ((OPENSSH_VERSION_MAJOR == 7 && OPENSSH_VERSION_MINOR >= 3) || OPENSSH_VERSION_MAJOR > 7) cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_curve25519_sha256, session_setup, diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c index da6049a5..9c739701 100644 --- a/tests/pkd/pkd_hello.c +++ b/tests/pkd/pkd_hello.c @@ -217,9 +217,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) { #define GEX_SHA256 "diffie-hellman-group-exchange-sha256" #define GEX_SHA1 "diffie-hellman-group-exchange-sha1" -#ifdef HAVE_DSA -#define PKDTESTS_KEX(f, client, kexcmd) \ - /* Kex algorithms. */ \ +#define PKDTESTS_KEX_COMMON(f, client, kexcmd) \ f(client, rsa_curve25519_sha256, kexcmd("curve25519-sha256"), setup_rsa, teardown) \ f(client, rsa_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_rsa, teardown) \ f(client, rsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_rsa, teardown) \ 
@@ -229,6 +227,38 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, rsa_diffie_hellman_group18_sha512, kexcmd("diffie-hellman-group18-sha512"), setup_rsa, teardown) \ f(client, rsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_rsa, teardown) \ f(client, rsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_rsa, teardown) \ + f(client, ecdsa_256_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_384, teardown) \ + f(client, 
ecdsa_384_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_521, teardown) + +#if defined(HAVE_DSA) && defined(WITH_GEX) +#define PKDTESTS_KEX(f, client, kexcmd) \ + /* Kex algorithms. */ \ + PKDTESTS_KEX_COMMON(f, client, kexcmd) \ f(client, rsa_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_rsa, teardown) \ f(client, rsa_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_rsa, teardown) \ f(client, dsa_curve25519_sha256, kexcmd("curve25519-sha256"), setup_dsa, teardown) \ 
@@ -242,87 +272,44 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, dsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_dsa, teardown) \ f(client, dsa_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_dsa, teardown) \ f(client, dsa_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_dsa, teardown) \ - f(client, ecdsa_256_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_256, teardown) \ f(client, ecdsa_256_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_256, teardown) \ f(client, ecdsa_256_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_256, teardown) \ - f(client, ecdsa_384_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_384, teardown) 
\ - f(client, ecdsa_384_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_384, teardown) \ f(client, ecdsa_384_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_384, teardown) \ f(client, ecdsa_384_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_384, teardown) \ - f(client, ecdsa_521_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_521, 
teardown) +#elif defined(HAVE_DSA) /* && !defined(WITH_GEX) */ +#define PKDTESTS_KEX(f, client, kexcmd) \ + /* Kex algorithms. */ \ + PKDTESTS_KEX_COMMON(f, client, kexcmd) \ + f(client, dsa_curve25519_sha256, kexcmd("curve25519-sha256"), setup_dsa, teardown) \ + f(client, dsa_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_dsa, teardown) \ + f(client, dsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_dsa, teardown) \ + f(client, dsa_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384 "), setup_dsa, teardown) \ + f(client, dsa_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521 "), setup_dsa, teardown) \ + f(client, dsa_diffie_hellman_group16_sha512, kexcmd("diffie-hellman-group16-sha512"), setup_dsa, teardown) \ + f(client, dsa_diffie_hellman_group18_sha512, kexcmd("diffie-hellman-group18-sha512"), setup_dsa, teardown) \ + f(client, dsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_dsa, teardown) \ + f(client, dsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_dsa, teardown) \ + +#elif defined(WITH_GEX) /* && !defined(HAVE_DSA) */ +#define PKDTESTS_KEX(f, client, kexcmd) \ + /* Kex algorithms. 
*/ \ + PKDTESTS_KEX_COMMON(f, client, kexcmd) \ + f(client, rsa_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_rsa, teardown) \ + f(client, rsa_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_rsa, teardown) \ + f(client, ecdsa_256_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_256, teardown) \ + f(client, ecdsa_384_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_384, teardown) \ + f(client, ecdsa_521_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_521, teardown) + #else #define PKDTESTS_KEX(f, client, kexcmd) \ /* Kex algorithms. */ \ - f(client, rsa_curve25519_sha256, kexcmd("curve25519-sha256"), setup_rsa, teardown) \ - f(client, rsa_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_rsa, teardown) \ - f(client, rsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_rsa, teardown) \ - f(client, rsa_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_rsa, teardown) \ - f(client, rsa_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_rsa, teardown) \ - f(client, rsa_diffie_hellman_group16_sha512, kexcmd("diffie-hellman-group16-sha512"), setup_rsa, teardown) \ - f(client, rsa_diffie_hellman_group18_sha512, kexcmd("diffie-hellman-group18-sha512"), setup_rsa, teardown) \ - f(client, rsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_rsa, teardown) \ - f(client, rsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_rsa, teardown) \ - f(client, rsa_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_rsa, teardown) \ - f(client, rsa_diffie_hellman_group_exchange_sha1, 
kexcmd(GEX_SHA1), setup_rsa, teardown) \ - f(client, ecdsa_256_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_256, teardown) \ - f(client, ecdsa_256_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_256, teardown) \ - f(client, ecdsa_384_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), 
setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_384, teardown) \ - f(client, ecdsa_384_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_384, teardown) \ - f(client, ecdsa_521_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ecdsa_521, teardown) \ - f(client, ecdsa_521_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ecdsa_521, teardown) + PKDTESTS_KEX_COMMON(f, client, kexcmd) #endif diff --git a/tests/unittests/CMakeLists.txt b/tests/unittests/CMakeLists.txt index 328e6dd7..218b6559 100644 --- a/tests/unittests/CMakeLists.txt +++ b/tests/unittests/CMakeLists.txt 
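Review bot: In the new `#elif defined(HAVE_DSA)` branch the last entry, `dsa_diffie_hellman_group1_sha1`, ends with a line-continuation backslash followed by an empty line. That compiles today, but the macro body then depends on the blank line staying there; if it is ever removed, the following `#elif defined(WITH_GEX)` is spliced into `PKDTESTS_KEX`. Drop the trailing `\` on that entry, as the other three branches do on their final line. Separately, the three `dsa_ecdh_sha2_*` entries in that branch pass names with whitespace before the closing quote, e.g. `kexcmd("ecdh-sha2-nistp256 ")`, unlike the rsa/ecdsa entries in `PKDTESTS_KEX_COMMON`. If that was copied rather than intended, use `kexcmd("ecdh-sha2-nistp256")` so the test exercises the exact algorithm name.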
@@ -42,7 +42,7 @@ if (UNIX AND NOT WIN32) torture_channel ) - if (WITH_SERVER) + if (WITH_SERVER AND WITH_GEX) set(LIBSSH_UNIT_TESTS ${LIBSSH_UNIT_TESTS} torture_moduli)