tests(fido2): add sk key files to the testing infrastructure

Signed-off-by: Praneeth Sarode <praneethsarode@gmail.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
2025-12-06 13:20:57 +03:00 · 2025-08-17 02:14:38 +05:30
parent d91630308d
commit 21d338737a
6 changed files with 43 additions and 0 deletions
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -164,6 +164,8 @@ if (SSH_EXECUTABLE)
        ssh-rsa-cert-v01@openssh.com
        ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com
        ecdsa-sha2-nistp521-cert-v01@openssh.com
+        sk-ssh-ed25519@openssh.com sk-ecdsa-sha2-nistp256@openssh.com
+        sk-ssh-ed25519-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
        )
    foreach(ALGORITHM ${SSH_ALGORITHMS})
        string(TOUPPER ${ALGORITHM} VARNAME)
@@ -327,6 +329,11 @@ if (CLIENT_TESTING OR SERVER_TESTING)
    file(COPY keys/id_ecdsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
    file(COPY keys/id_ed25519 DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
    file(COPY keys/id_ed25519.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+    # Security key support
+    file(COPY keys/id_ecdsa_sk DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+    file(COPY keys/id_ecdsa_sk.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+    file(COPY keys/id_ed25519_sk DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
+    file(COPY keys/id_ed25519_sk.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)

    # Allow to auth with bob's public keys on alice and doe account
    configure_file(keys/id_rsa.pub ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys @ONLY)
@@ -340,6 +347,14 @@ if (CLIENT_TESTING OR SERVER_TESTING)
    file(READ keys/id_ed25519.pub CONTENTS)
    file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}")

+    # append sk-ecdsa public key
+    file(READ keys/id_ecdsa_sk.pub CONTENTS)
+    file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}")
+
+    # append sk-ed25519 public key
+    file(READ keys/id_ed25519_sk.pub CONTENTS)
+    file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}")
+
    # Allow to auth with bob his public keys on charlie account
    configure_file(keys/pkcs11/id_pkcs11_rsa_openssh.pub ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys @ONLY)

--- a/tests/keys/id_ecdsa_sk
+++ b/tests/keys/id_ecdsa_sk
@@ -0,0 +1,14 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAjwAAACJzay1lY2
+RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQRv1/dD0qNb
+Bbm4JmHwa9AQdHwzYOBDkptAAUJcyLX3kc8koKLoQF6rhUKGeZP6pv+AanVRTyOd/ITGUm
+Zbgt7hAAAAFHNzaDp0ZXN0QGV4YW1wbGUuY29tAAABkH7S+n5+0vp+AAAAInNrLWVjZHNh
+LXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBG/X90PSo1sFub
+gmYfBr0BB0fDNg4EOSm0ABQlzItfeRzySgouhAXquFQoZ5k/qm/4BqdVFPI538hMZSZluC
+3uEAAAAUc3NoOnRlc3RAZXhhbXBsZS5jb20BAAAA4y0tLS0tQkVHSU4gRUMgUFJJVkFURS
+BLRVktLS0tLQpNSGNDQVFFRUlIRGZSL1NqWkRlczZrUmtTM0dLQTZoTUtSYmxRQjFWQlp3
+KzdqR2pIWU5xb0FvR0NDcUdTTTQ5CkF3RUhvVVFEUWdBRWI5ZjNROUtqV3dXNXVDWmg4R3
+ZRRUhSOE0yRGdRNUtiUUFGQ1hNaTE5NUhQSktDaTZFQmUKcTRWQ2hubVQrcWIvZ0dwMVVV
+OGpuZnlFeGxKbVc0TGU0UT09Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0KAAAAAA
+AAAAABAgMEBQYHCAk=
+-----END OPENSSH PRIVATE KEY-----
--- a/tests/keys/id_ecdsa_sk.pub
+++ b/tests/keys/id_ecdsa_sk.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBG/X90PSo1sFubgmYfBr0BB0fDNg4EOSm0ABQlzItfeRzySgouhAXquFQoZ5k/qm/4BqdVFPI538hMZSZluC3uEAAAAUc3NoOnRlc3RAZXhhbXBsZS5jb20= phoenix@phoenix-pc
--- a/tests/keys/id_ed25519_sk
+++ b/tests/keys/id_ed25519_sk
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAWgAAABpzay1zc2
+gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACDa9bna/CE9hXZDMX6I37Re6AlzNVZh0yB8D/U3
+8SS2vgAAABRzc2g6dGVzdEBleGFtcGxlLmNvbQAAALC75D22u+Q9tgAAABpzay1zc2gtZW
+QyNTUxOUBvcGVuc3NoLmNvbQAAACDa9bna/CE9hXZDMX6I37Re6AlzNVZh0yB8D/U38SS2
+vgAAABRzc2g6dGVzdEBleGFtcGxlLmNvbQEAAABA7QoCSXA/S9yF96YpCLNTVap+mYg0vH
+yhKlMAUNnPqeXa9bna/CE9hXZDMX6I37Re6AlzNVZh0yB8D/U38SS2vgAAAAAAAAAAAQ==
+-----END OPENSSH PRIVATE KEY-----
--- a/tests/keys/id_ed25519_sk.pub
+++ b/tests/keys/id_ed25519_sk.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINr1udr8IT2FdkMxfojftF7oCXM1VmHTIHwP9TfxJLa+AAAAFHNzaDp0ZXN0QGV4YW1wbGUuY29t phoenix@phoenix-pc
--- a/tests/tests_config.h.cmake
+++ b/tests/tests_config.h.cmake
@@ -63,6 +63,10 @@
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP256_CERT_V01_OPENSSH_COM 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP384_CERT_V01_OPENSSH_COM 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP521_CERT_V01_OPENSSH_COM 1
+#cmakedefine OPENSSH_SK_SSH_ED25519_OPENSSH_COM 1
+#cmakedefine OPENSSH_SK_SSH_ED25519_CERT_V01_OPENSSH_COM 1
+#cmakedefine OPENSSH_SK_ECDSA_SHA2_NISTP256_OPENSSH_COM 1
+#cmakedefine OPENSSH_SK_ECDSA_SHA2_NISTP256_CERT_V01_OPENSSH_COM 1

 /* Available programs */
				`@@ -0,0 +1 @@`
				`sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBG/X90PSo1sFubgmYfBr0BB0fDNg4EOSm0ABQlzItfeRzySgouhAXquFQoZ5k/qm/4BqdVFPI538hMZSZluC3uEAAAAUc3NoOnRlc3RAZXhhbXBsZS5jb20= phoenix@phoenix-pc`
				`@@ -0,0 +1 @@`
				`sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINr1udr8IT2FdkMxfojftF7oCXM1VmHTIHwP9TfxJLa+AAAAFHNzaDp0ZXN0QGV4YW1wbGUuY29t phoenix@phoenix-pc`