From 21d338737a361d8a83317de8a700eabd12b0968f Mon Sep 17 00:00:00 2001 From: Praneeth Sarode Date: Sun, 17 Aug 2025 02:14:38 +0530 Subject: [PATCH] tests(fido2): add sk key files to the testing infrastructure Signed-off-by: Praneeth Sarode Reviewed-by: Jakub Jelen Reviewed-by: Eshan Kelkar --- tests/CMakeLists.txt | 15 +++++++++++++++ tests/keys/id_ecdsa_sk | 14 ++++++++++++++ tests/keys/id_ecdsa_sk.pub | 1 + tests/keys/id_ed25519_sk | 8 ++++++++ tests/keys/id_ed25519_sk.pub | 1 + tests/tests_config.h.cmake | 4 ++++ 6 files changed, 43 insertions(+) create mode 100644 tests/keys/id_ecdsa_sk create mode 100644 tests/keys/id_ecdsa_sk.pub create mode 100644 tests/keys/id_ed25519_sk create mode 100644 tests/keys/id_ed25519_sk.pub diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ca8e74de..29178a76 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -164,6 +164,8 @@ if (SSH_EXECUTABLE) ssh-rsa-cert-v01@openssh.com ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com + sk-ssh-ed25519@openssh.com sk-ecdsa-sha2-nistp256@openssh.com + sk-ssh-ed25519-cert-v01@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com ) foreach(ALGORITHM ${SSH_ALGORITHMS}) string(TOUPPER ${ALGORITHM} VARNAME) 
@@ -327,6 +329,11 @@ if (CLIENT_TESTING OR SERVER_TESTING) file(COPY keys/id_ecdsa.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) file(COPY keys/id_ed25519 DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) file(COPY keys/id_ed25519.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) + # Security key support + file(COPY keys/id_ecdsa_sk DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) + file(COPY keys/id_ecdsa_sk.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) + file(COPY keys/id_ed25519_sk DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) + file(COPY keys/id_ed25519_sk.pub DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE) # Allow to auth with bob's public keys on alice and doe account configure_file(keys/id_rsa.pub ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys @ONLY) @@ -340,6 +347,14 @@ if (CLIENT_TESTING OR SERVER_TESTING) file(READ keys/id_ed25519.pub CONTENTS) file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}") + # append sk-ecdsa public key + file(READ keys/id_ecdsa_sk.pub CONTENTS) + file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}") + + # append sk-ed25519 public key + file(READ keys/id_ed25519_sk.pub CONTENTS) + file(APPEND ${CMAKE_CURRENT_BINARY_DIR}/home/alice/.ssh/authorized_keys "${CONTENTS}") + # Allow to auth with bob his public keys on charlie account configure_file(keys/pkcs11/id_pkcs11_rsa_openssh.pub ${CMAKE_CURRENT_BINARY_DIR}/home/charlie/.ssh/authorized_keys @ONLY) diff --git a/tests/keys/id_ecdsa_sk b/tests/keys/id_ecdsa_sk new file mode 100644 index 00000000..4c35105a --- /dev/null +++ b/tests/keys/id_ecdsa_sk 
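Review bot: The comment `# Security key support` above the four new `file(COPY ...)` lines does not say what these fixtures are. Unlike the neighbouring identities, the `id_*_sk` files use the `sk-*@openssh.com` key types, and they are authorized for alice by the next hunk. I would spell that out, for example `# FIDO2 security-key (sk-*) identities for bob: fixed test fixtures, owner-only like the other identities, never valid outside the test tree`. The enclosing `if (CLIENT_TESTING OR SERVER_TESTING)` block starts and ends outside the hunk.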
@@ -0,0 +1,14 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAjwAAACJzay1lY2
+RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQRv1/dD0qNb
+Bbm4JmHwa9AQdHwzYOBDkptAAUJcyLX3kc8koKLoQF6rhUKGeZP6pv+AanVRTyOd/ITGUm
+Zbgt7hAAAAFHNzaDp0ZXN0QGV4YW1wbGUuY29tAAABkH7S+n5+0vp+AAAAInNrLWVjZHNh
+LXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBG/X90PSo1sFub
+gmYfBr0BB0fDNg4EOSm0ABQlzItfeRzySgouhAXquFQoZ5k/qm/4BqdVFPI538hMZSZluC
+3uEAAAAUc3NoOnRlc3RAZXhhbXBsZS5jb20BAAAA4y0tLS0tQkVHSU4gRUMgUFJJVkFURS
+BLRVktLS0tLQpNSGNDQVFFRUlIRGZSL1NqWkRlczZrUmtTM0dLQTZoTUtSYmxRQjFWQlp3
+KzdqR2pIWU5xb0FvR0NDcUdTTTQ5CkF3RUhvVVFEUWdBRWI5ZjNROUtqV3dXNXVDWmg4R3
+ZRRUhSOE0yRGdRNUtiUUFGQ1hNaTE5NUhQSktDaTZFQmUKcTRWQ2hubVQrcWIvZ0dwMVVV
+OGpuZnlFeGxKbVc0TGU0UT09Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0KAAAAAA
+AAAAABAgMEBQYHCAk=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tests/keys/id_ecdsa_sk.pub b/tests/keys/id_ecdsa_sk.pub
new file mode 100644
index 00000000..fbb35ffd
--- /dev/null
+++ b/tests/keys/id_ecdsa_sk.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBG/X90PSo1sFubgmYfBr0BB0fDNg4EOSm0ABQlzItfeRzySgouhAXquFQoZ5k/qm/4BqdVFPI538hMZSZluC3uEAAAAUc3NoOnRlc3RAZXhhbXBsZS5jb20= phoenix@phoenix-pc
diff --git a/tests/keys/id_ed25519_sk b/tests/keys/id_ed25519_sk
new file mode 100644
index 00000000..1622d28a
--- /dev/null
+++ b/tests/keys/id_ed25519_sk
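Review bot: The key handle stored in `tests/keys/id_ecdsa_sk` is not an opaque authenticator blob, and nothing in the patch documents that. The run `QkVHSU4gRUMgUFJJVkFURS` inside it is the base64 of `BEGIN EC PRIVATE`, so the handle embeds a PEM EC private key and the file carries the complete signing key rather than a reference to hardware. That is acceptable for a fixture (presumably produced with a software sk provider), but the matching public key is appended to alice's `authorized_keys` in tests/CMakeLists.txt, so that generated file must stay confined to the test tree. I would add a short README beside the keys stating that the `id_*_sk` pairs are test-only and software-generated, and list them in whatever secret-scanning allowlist the project uses. `tests/keys/id_ed25519_sk` looks like the same case: its 64-byte handle ends with the bytes of the public key.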
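Review bot: The comment field of the new public key, `phoenix@phoenix-pc`, looks like the user@host of the machine the key was generated on, and it is copied verbatim into alice's generated `authorized_keys`. A neutral label (for example `libssh-test-sk-ecdsa`) would say what the fixture is and keep a contributor's host name out of the tree. The comment is outside the base64 key blob, so changing it does not alter the key. `tests/keys/id_ed25519_sk.pub` carries the same comment.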
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAWgAAABpzay1zc2
+gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACDa9bna/CE9hXZDMX6I37Re6AlzNVZh0yB8D/U3
+8SS2vgAAABRzc2g6dGVzdEBleGFtcGxlLmNvbQAAALC75D22u+Q9tgAAABpzay1zc2gtZW
+QyNTUxOUBvcGVuc3NoLmNvbQAAACDa9bna/CE9hXZDMX6I37Re6AlzNVZh0yB8D/U38SS2
+vgAAABRzc2g6dGVzdEBleGFtcGxlLmNvbQEAAABA7QoCSXA/S9yF96YpCLNTVap+mYg0vH
+yhKlMAUNnPqeXa9bna/CE9hXZDMX6I37Re6AlzNVZh0yB8D/U38SS2vgAAAAAAAAAAAQ==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tests/keys/id_ed25519_sk.pub b/tests/keys/id_ed25519_sk.pub
new file mode 100644
index 00000000..e31326e8
--- /dev/null
+++ b/tests/keys/id_ed25519_sk.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINr1udr8IT2FdkMxfojftF7oCXM1VmHTIHwP9TfxJLa+AAAAFHNzaDp0ZXN0QGV4YW1wbGUuY29t phoenix@phoenix-pc
diff --git a/tests/tests_config.h.cmake b/tests/tests_config.h.cmake
index e571737b..d17a676a 100644
--- a/tests/tests_config.h.cmake
+++ b/tests/tests_config.h.cmake
@@ -63,6 +63,10 @@
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP256_CERT_V01_OPENSSH_COM 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP384_CERT_V01_OPENSSH_COM 1
 #cmakedefine OPENSSH_ECDSA_SHA2_NISTP521_CERT_V01_OPENSSH_COM 1
+#cmakedefine OPENSSH_SK_SSH_ED25519_OPENSSH_COM 1
+#cmakedefine OPENSSH_SK_SSH_ED25519_CERT_V01_OPENSSH_COM 1
+#cmakedefine OPENSSH_SK_ECDSA_SHA2_NISTP256_OPENSSH_COM 1
+#cmakedefine OPENSSH_SK_ECDSA_SHA2_NISTP256_CERT_V01_OPENSSH_COM 1
 /* Available programs */