6252aab88a
Summary: Based on Dirkjan's original patch series here: * https://www.libssh.org/archive/libssh/2015-08/0000029.html Here the changes are adapted for the current master branch, and expanded to include libgcrypt support. Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com> Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Test Plan: * Ran pkd tests for libcrypto and libgcrypt builds. * Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds. * Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta"). Reviewers: aris, asn Tags: #libssh Differential Revision: https://bugs.libssh.org/D7
507 строки
17 KiB
C
507 строки
17 KiB
C
/*
|
|
* This file is part of the SSH Library
|
|
*
|
|
* Copyright (c) 2010 by Aris Adamantiadis
|
|
*
|
|
* The SSH Library is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU Lesser General Public License as published by
|
|
* the Free Software Foundation; either version 2.1 of the License, or (at your
|
|
* option) any later version.
|
|
*
|
|
* The SSH Library is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
|
* License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public License
|
|
* along with the SSH Library; see the file COPYING. If not, write to
|
|
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
|
|
* MA 02111-1307, USA.
|
|
*/
|
|
|
|
#define LIBSSH_STATIC
|
|
|
|
#include "torture.h"
|
|
#include "libssh/libssh.h"
|
|
#include "libssh/priv.h"
|
|
|
|
#include <errno.h>
|
|
#include <sys/types.h>
|
|
#include <pwd.h>
|
|
|
|
static int sshd_setup(void **state)
|
|
{
|
|
torture_setup_sshd_server(state);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int sshd_teardown(void **state) {
|
|
torture_teardown_sshd_server(state);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int session_setup(void **state) {
|
|
struct torture_state *s = *state;
|
|
int verbosity = torture_libssh_verbosity();
|
|
struct passwd *pwd;
|
|
int rc;
|
|
|
|
pwd = getpwnam("bob");
|
|
assert_non_null(pwd);
|
|
|
|
rc = setuid(pwd->pw_uid);
|
|
assert_return_code(rc, errno);
|
|
|
|
ssh_init();
|
|
|
|
s->ssh.session = ssh_new();
|
|
assert_non_null(s->ssh.session);
|
|
|
|
ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
|
|
ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, TORTURE_SSH_SERVER);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int session_teardown(void **state)
|
|
{
|
|
struct torture_state *s = *state;
|
|
|
|
ssh_disconnect(s->ssh.session);
|
|
ssh_free(s->ssh.session);
|
|
|
|
ssh_finalize();
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void test_algorithm(ssh_session session, const char *algo, const char *hmac) {
|
|
int rc;
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_C_S, algo);
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, algo);
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, hmac);
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, hmac);
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_connect(session);
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_userauth_none(session, NULL);
|
|
if (rc != SSH_OK) {
|
|
rc = ssh_get_error_code(session);
|
|
assert_int_equal(rc, SSH_REQUEST_DENIED);
|
|
}
|
|
|
|
ssh_disconnect(session);
|
|
}
|
|
|
|
static void torture_algorithms_aes128_cbc_hmac_sha1(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes128-cbc", "hmac-sha1");
|
|
}
|
|
|
|
static void torture_algorithms_aes128_cbc_hmac_sha2_256(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes128-cbc", "hmac-sha2-256");
|
|
}
|
|
|
|
static void torture_algorithms_aes128_cbc_hmac_sha2_512(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes128-cbc", "hmac-sha2-512");
|
|
}
|
|
|
|
static void torture_algorithms_aes192_cbc_hmac_sha1(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes192-cbc", "hmac-sha1");
|
|
}
|
|
|
|
static void torture_algorithms_aes192_cbc_hmac_sha2_256(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes192-cbc", "hmac-sha2-256");
|
|
}
|
|
|
|
static void torture_algorithms_aes192_cbc_hmac_sha2_512(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes192-cbc", "hmac-sha2-512");
|
|
}
|
|
|
|
static void torture_algorithms_aes256_cbc_hmac_sha1(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes256-cbc", "hmac-sha1");
|
|
}
|
|
|
|
static void torture_algorithms_aes256_cbc_hmac_sha2_256(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes256-cbc", "hmac-sha2-256");
|
|
}
|
|
|
|
static void torture_algorithms_aes256_cbc_hmac_sha2_512(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes256-cbc", "hmac-sha2-512");
|
|
}
|
|
|
|
static void torture_algorithms_aes128_ctr_hmac_sha1(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes128-ctr", "hmac-sha1");
|
|
}
|
|
|
|
static void torture_algorithms_aes128_ctr_hmac_sha2_256(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes128-ctr", "hmac-sha2-256");
|
|
}
|
|
|
|
static void torture_algorithms_aes128_ctr_hmac_sha2_512(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes128-ctr", "hmac-sha2-512");
|
|
}
|
|
|
|
static void torture_algorithms_aes192_ctr_hmac_sha1(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes192-ctr", "hmac-sha1");
|
|
}
|
|
|
|
static void torture_algorithms_aes192_ctr_hmac_sha2_256(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes192-ctr", "hmac-sha2-256");
|
|
}
|
|
|
|
static void torture_algorithms_aes192_ctr_hmac_sha2_512(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes192-ctr", "hmac-sha2-512");
|
|
}
|
|
|
|
static void torture_algorithms_aes256_ctr_hmac_sha1(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes256-ctr", "hmac-sha1");
|
|
}
|
|
|
|
static void torture_algorithms_aes256_ctr_hmac_sha2_256(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes256-ctr", "hmac-sha2-256");
|
|
}
|
|
|
|
static void torture_algorithms_aes256_ctr_hmac_sha2_512(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "aes256-ctr", "hmac-sha2-512");
|
|
}
|
|
|
|
static void torture_algorithms_3des_cbc_hmac_sha1(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "3des-cbc", "hmac-sha1");
|
|
}
|
|
|
|
static void torture_algorithms_3des_cbc_hmac_sha2_256(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "3des-cbc", "hmac-sha2-256");
|
|
}
|
|
|
|
static void torture_algorithms_3des_cbc_hmac_sha2_512(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "3des-cbc", "hmac-sha2-512");
|
|
}
|
|
|
|
static void torture_algorithms_blowfish_cbc_hmac_sha1(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "blowfish-cbc", "hmac-sha1");
|
|
}
|
|
|
|
static void torture_algorithms_blowfish_cbc_hmac_sha2_256(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "blowfish-cbc", "hmac-sha2-256");
|
|
}
|
|
|
|
static void torture_algorithms_blowfish_cbc_hmac_sha2_512(void **state) {
|
|
struct torture_state *s = *state;
|
|
|
|
test_algorithm(s->ssh.session, "blowfish-cbc", "hmac-sha2-512");
|
|
}
|
|
|
|
static void torture_algorithms_zlib(void **state) {
|
|
struct torture_state *s = *state;
|
|
ssh_session session = s->ssh.session;
|
|
int rc;
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib");
|
|
#ifdef WITH_ZLIB
|
|
assert_int_equal(rc, SSH_OK);
|
|
#else
|
|
assert_int_equal(rc, SSH_ERROR);
|
|
#endif
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib");
|
|
#ifdef WITH_ZLIB
|
|
assert_int_equal(rc, SSH_OK);
|
|
#else
|
|
assert_int_equal(rc, SSH_ERROR);
|
|
#endif
|
|
|
|
rc = ssh_connect(session);
|
|
#ifdef WITH_ZLIB
|
|
if (ssh_get_openssh_version(session)) {
|
|
assert_false(rc == SSH_OK);
|
|
ssh_disconnect(session);
|
|
return;
|
|
}
|
|
#endif
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_userauth_none(session, NULL);
|
|
if (rc != SSH_OK) {
|
|
rc = ssh_get_error_code(session);
|
|
assert_int_equal(rc, SSH_REQUEST_DENIED);
|
|
}
|
|
|
|
ssh_disconnect(session);
|
|
}
|
|
|
|
static void torture_algorithms_zlib_openssh(void **state) {
|
|
struct torture_state *s = *state;
|
|
ssh_session session = s->ssh.session;
|
|
int rc;
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_C_S, "zlib@openssh.com");
|
|
#ifdef WITH_ZLIB
|
|
assert_int_equal(rc, SSH_OK);
|
|
#else
|
|
assert_int_equal(rc, SSH_ERROR);
|
|
#endif
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_COMPRESSION_S_C, "zlib@openssh.com");
|
|
#ifdef WITH_ZLIB
|
|
assert_int_equal(rc, SSH_OK);
|
|
#else
|
|
assert_int_equal(rc, SSH_ERROR);
|
|
#endif
|
|
|
|
rc = ssh_connect(session);
|
|
#ifdef WITH_ZLIB
|
|
if (ssh_get_openssh_version(session)) {
|
|
assert_true(rc==SSH_OK);
|
|
rc = ssh_userauth_none(session, NULL);
|
|
if (rc != SSH_OK) {
|
|
rc = ssh_get_error_code(session);
|
|
assert_int_equal(rc, SSH_REQUEST_DENIED);
|
|
}
|
|
ssh_disconnect(session);
|
|
return;
|
|
}
|
|
assert_false(rc == SSH_OK);
|
|
#else
|
|
assert_int_equal(rc, SSH_OK);
|
|
#endif
|
|
|
|
ssh_disconnect(session);
|
|
}
|
|
|
|
#if defined(HAVE_ECC)
|
|
static void torture_algorithms_ecdh_sha2_nistp256(void **state) {
|
|
struct torture_state *s = *state;
|
|
ssh_session session = s->ssh.session;
|
|
int rc;
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp256");
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_connect(session);
|
|
assert_int_equal(rc, SSH_OK);
|
|
rc = ssh_userauth_none(session, NULL);
|
|
if (rc != SSH_OK) {
|
|
rc = ssh_get_error_code(session);
|
|
assert_int_equal(rc, SSH_REQUEST_DENIED);
|
|
}
|
|
|
|
ssh_disconnect(session);
|
|
}
|
|
|
|
static void torture_algorithms_ecdh_sha2_nistp384(void **state) {
|
|
struct torture_state *s = *state;
|
|
ssh_session session = s->ssh.session;
|
|
int rc;
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp384");
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_connect(session);
|
|
assert_int_equal(rc, SSH_OK);
|
|
rc = ssh_userauth_none(session, NULL);
|
|
if (rc != SSH_OK) {
|
|
rc = ssh_get_error_code(session);
|
|
assert_int_equal(rc, SSH_REQUEST_DENIED);
|
|
}
|
|
|
|
ssh_disconnect(session);
|
|
}
|
|
|
|
static void torture_algorithms_ecdh_sha2_nistp521(void **state) {
|
|
struct torture_state *s = *state;
|
|
ssh_session session = s->ssh.session;
|
|
int rc;
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp521");
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_connect(session);
|
|
assert_int_equal(rc, SSH_OK);
|
|
rc = ssh_userauth_none(session, NULL);
|
|
if (rc != SSH_OK) {
|
|
rc = ssh_get_error_code(session);
|
|
assert_int_equal(rc, SSH_REQUEST_DENIED);
|
|
}
|
|
|
|
ssh_disconnect(session);
|
|
}
|
|
#endif
|
|
|
|
static void torture_algorithms_dh_group1(void **state) {
|
|
struct torture_state *s = *state;
|
|
ssh_session session = s->ssh.session;
|
|
int rc;
|
|
|
|
rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group1-sha1");
|
|
assert_int_equal(rc, SSH_OK);
|
|
|
|
rc = ssh_connect(session);
|
|
assert_int_equal(rc, SSH_OK);
|
|
rc = ssh_userauth_none(session, NULL);
|
|
if (rc != SSH_OK) {
|
|
rc = ssh_get_error_code(session);
|
|
assert_int_equal(rc, SSH_REQUEST_DENIED);
|
|
}
|
|
|
|
ssh_disconnect(session);
|
|
}
|
|
int torture_run_tests(void) {
|
|
int rc;
|
|
struct CMUnitTest tests[] = {
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha1,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha2_256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_cbc_hmac_sha2_512,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha1,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha2_256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_cbc_hmac_sha2_512,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha1,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha2_256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_cbc_hmac_sha2_512,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha1,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha2_256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes128_ctr_hmac_sha2_512,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha1,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha2_256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes192_ctr_hmac_sha2_512,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha1,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha2_256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_aes256_ctr_hmac_sha2_512,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha1,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_3des_cbc_hmac_sha2_512,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha1,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_blowfish_cbc_hmac_sha2_512,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_zlib,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_zlib_openssh,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_dh_group1,
|
|
session_setup,
|
|
session_teardown),
|
|
#if defined(HAVE_ECC)
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp256,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp384,
|
|
session_setup,
|
|
session_teardown),
|
|
cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp521,
|
|
session_setup,
|
|
session_teardown),
|
|
#endif
|
|
};
|
|
|
|
torture_filter_tests(tests);
|
|
rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
|
|
|
|
return rc;
|
|
}
|