From b64e7f67d3f455c9a296b0742a94d0f3c7423719 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 5 Nov 2025 16:48:20 +0100 Subject: [PATCH] pkd: Run ed25519 tests with dropbear Resolves: #336 Signed-off-by: Jakub Jelen Reviewed-by: Andreas Schneider --- tests/pkd/pkd_hello.c | 77 ++++++++++--------------------------------- 1 file changed, 17 insertions(+), 60 deletions(-) diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c index 54e72b80..c23e47d4 100644 --- a/tests/pkd/pkd_hello.c +++ b/tests/pkd/pkd_hello.c @@ -222,10 +222,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) { #define PKDTESTS_DEFAULT(f, client, cmd) \ /* Default passes by server key type. */ \ - PKDTESTS_DEFAULT_FIPS(f, client, cmd) - -#define PKDTESTS_DEFAULT_OPENSSHONLY(f, client, cmd) \ - /* Default passes by server key type. */ \ + PKDTESTS_DEFAULT_FIPS(f, client, cmd) \ f(client, ed25519_default, cmd, setup_ed25519, teardown) #define GEX_SHA256 "diffie-hellman-group-exchange-sha256" @@ -291,7 +288,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, rsa_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_rsa, teardown) \ f(client, ecdsa_256_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_256, teardown) \ f(client, ecdsa_384_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_384, teardown) \ - f(client, ecdsa_521_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_521, teardown) + f(client, ecdsa_521_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ecdsa_521, teardown) \ + f(client, ed25519_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ed25519, teardown) #else #define PKDTESTS_KEX_SNTRUP761_OPENSSH(f, client, kexcmd) #endif @@ -302,7 +300,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, rsa_sntrup761x25519_sha512, kexcmd(SNTRUP_NAME), setup_rsa, teardown) \ f(client, ecdsa_256_sntrup761x25519_sha512, kexcmd(SNTRUP_NAME), setup_ecdsa_256, teardown) \ f(client, ecdsa_384_sntrup761x25519_sha512, kexcmd(SNTRUP_NAME), setup_ecdsa_384, teardown) \ - f(client, ecdsa_521_sntrup761x25519_sha512, kexcmd(SNTRUP_NAME), setup_ecdsa_521, teardown) + f(client, ecdsa_521_sntrup761x25519_sha512, kexcmd(SNTRUP_NAME), setup_ecdsa_521, teardown) \ + f(client, ed25519_sntrup761x25519_sha512, kexcmd(SNTRUP_NAME), setup_ed25519, teardown) #else #define PKDTESTS_KEX_SNTRUP761(f, client, kexcmd) #endif @@ -312,7 +311,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, rsa_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_rsa, teardown) \ f(client, ecdsa_256_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ecdsa_256, teardown) \ f(client, ecdsa_384_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ecdsa_384, teardown) \ - f(client, ecdsa_521_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ecdsa_521, teardown) + f(client, ecdsa_521_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ecdsa_521, teardown) \ + f(client, ed25519_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ed25519, teardown) #else #define PKDTESTS_KEX_MLKEM768(f, client, kexcmd) #endif @@ -351,35 +351,6 @@ static int torture_pkd_setup_ecdsa_521(void **state) { #else #define PKDTESTS_KEX(f, client, kexcmd) \ /* Kex algorithms. */ \ - PKDTESTS_KEX_COMMON(f, client, kexcmd) -#endif - -#ifdef OPENSSH_SNTRUP761X25519_SHA512_OPENSSH_COM -#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd) \ - f(client, ed25519_sntrup761x25519_sha512_openssh_com, kexcmd(SNTRUP_OPENSSH_NAME), setup_ed25519, teardown) -#else -#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd) -#endif - -#ifdef OPENSSH_SNTRUP761X25519_SHA512 -#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd) \ - f(client, ed25519_sntrup761x25519_sha512, kexcmd(SNTRUP_NAME), setup_ed25519, teardown) -#else -#define PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd) -#endif - -#if defined(HAVE_MLKEM) && defined(OPENSSH_MLKEM768X25519_SHA256) -#define PKDTESTS_KEX_OPENSSHONLY_MLKEM768(f, client, kexcmd) \ - f(client, ed25519_mlkem768x25519_sha256, kexcmd("mlkem768x25519-sha256"), setup_ed25519, teardown) -#else -#define PKDTESTS_KEX_OPENSSHONLY_MLKEM768(f, client, kexcmd) -#endif - -#define PKDTESTS_KEX_OPENSSHONLY(f, client, kexcmd) \ - /* Kex algorithms. */ \ - PKDTESTS_KEX_OPENSSHONLY_SNTRUP761(f, client, kexcmd) \ - PKDTESTS_KEX_OPENSSHONLY_SNTRUP761_OPENSSH(f, client, kexcmd) \ - PKDTESTS_KEX_OPENSSHONLY_MLKEM768(f, client, kexcmd) \ f(client, ed25519_curve25519_sha256, kexcmd("curve25519-sha256"), setup_ed25519, teardown) \ f(client, ed25519_curve25519_sha256_libssh_org, kexcmd("curve25519-sha256@libssh.org"), setup_ed25519, teardown) \ f(client, ed25519_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ed25519, teardown) \ @@ -391,8 +362,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, ed25519_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ed25519, teardown) \ f(client, ed25519_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_ed25519, teardown) \ f(client, ed25519_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_ed25519, teardown) - -#define CHACHA20 "chacha20-poly1305@openssh.com" +#endif #define PKDTESTS_CIPHER_COMMON(f, client, ciphercmd) \ f(client, rsa_aes128_ctr, ciphercmd("aes128-ctr"), setup_rsa, teardown) \ @@ -415,6 +385,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, ecdsa_521_aes128_cbc, ciphercmd("aes128-cbc"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_aes256_cbc, ciphercmd("aes256-cbc"), setup_ecdsa_521, teardown) +#define CHACHA20 "chacha20-poly1305@openssh.com" #define PKDTESTS_CIPHER_CHACHA(f, client, ciphercmd) \ f(client, rsa_chacha20, ciphercmd(CHACHA20), setup_rsa, teardown) \ f(client, ed25519_chacha20, ciphercmd(CHACHA20), setup_ed25519, teardown) \ @@ -425,7 +396,9 @@ static int torture_pkd_setup_ecdsa_521(void **state) { #define PKDTESTS_CIPHER(f, client, ciphercmd) \ /* Ciphers. */ \ PKDTESTS_CIPHER_COMMON(f, client, ciphercmd) \ - PKDTESTS_CIPHER_CHACHA(f, client, ciphercmd) + PKDTESTS_CIPHER_CHACHA(f, client, ciphercmd) \ + f(client, ed25519_aes128_ctr, ciphercmd("aes128-ctr"), setup_ed25519, teardown) \ + f(client, ed25519_aes256_ctr, ciphercmd("aes256-ctr"), setup_ed25519, teardown) #define AES128_GCM "aes128-gcm@openssh.com" #define AES256_GCM "aes256-gcm@openssh.com" @@ -450,9 +423,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) { f(client, rsa_aes192_ctr, ciphercmd("aes192-ctr"), setup_rsa, teardown) \ f(client, ed25519_3des_cbc, ciphercmd("3des-cbc"), setup_ed25519, teardown) \ f(client, ed25519_aes128_cbc, ciphercmd("aes128-cbc"), setup_ed25519, teardown) \ - f(client, ed25519_aes128_ctr, ciphercmd("aes128-ctr"), setup_ed25519, teardown) \ f(client, ed25519_aes256_cbc, ciphercmd("aes256-cbc"), setup_ed25519, teardown) \ - f(client, ed25519_aes256_ctr, ciphercmd("aes256-ctr"), setup_ed25519, teardown) \ f(client, ed25519_aes192_cbc, ciphercmd("aes192-cbc"), setup_ed25519, teardown) \ f(client, ed25519_aes192_ctr, ciphercmd("aes192-ctr"), setup_ed25519, teardown) \ f(client, ed25519_aes128_gcm, ciphercmd(AES128_GCM), setup_ed25519, teardown) \ @@ -489,7 +460,8 @@ static int torture_pkd_setup_ecdsa_521(void **state) { #ifdef DROPBEAR_SUPPORTS_HMAC_SHA1 #define PKDTESTS_MAC_FIPS(f, client, maccmd) \ PKDTESTS_MAC_FIPS_BASE(f, client, maccmd) \ - PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd) + PKDTESTS_MAC_FIPS_SHA1(f, client, maccmd) \ + f(client, ed25519_hmac_sha1, maccmd("hmac-sha1"), setup_ed25519, teardown) #define PKDTESTS_MAC_OPENSSHONLY_FIPS_SHA1(f, client, maccmd) #else #define PKDTESTS_MAC_FIPS(f, client, maccmd) \ @@ -519,12 +491,12 @@ static int torture_pkd_setup_ecdsa_521(void **state) { #define PKDTESTS_MAC(f, client, maccmd) \ /* MACs. */ \ - PKDTESTS_MAC_FIPS(f, client, maccmd) + PKDTESTS_MAC_FIPS(f, client, maccmd) \ + f(client, ed25519_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ed25519, teardown) + #define PKDTESTS_MAC_OPENSSHONLY(f, client, maccmd) \ PKDTESTS_MAC_OPENSSHONLY_FIPS(f, client, maccmd) \ - f(client, ed25519_hmac_sha1, maccmd("hmac-sha1"), setup_ed25519, teardown) \ f(client, ed25519_hmac_sha1_etm, maccmd("hmac-sha1-etm@openssh.com"), setup_ed25519, teardown) \ - f(client, ed25519_hmac_sha2_256, maccmd("hmac-sha2-256"), setup_ed25519, teardown) \ f(client, ed25519_hmac_sha2_256_etm, maccmd("hmac-sha2-256-etm@openssh.com"), setup_ed25519, teardown) \ f(client, ed25519_hmac_sha2_512, maccmd("hmac-sha2-512"), setup_ed25519, teardown) \ f(client, ed25519_hmac_sha2_512_etm, maccmd("hmac-sha2-512-etm@openssh.com"), setup_ed25519, teardown) @@ -587,9 +559,7 @@ static void torture_pkd_runtest(const char *testname, PKDTESTS_DEFAULT(emit_keytest, openssh_rsa, OPENSSH_CMD) PKDTESTS_DEFAULT(emit_keytest, openssh_cert_rsa, OPENSSH_CERT_CMD) PKDTESTS_DEFAULT(emit_keytest, openssh_sha256_cert_rsa, OPENSSH_SHA256_CERT_CMD) -PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CMD) PKDTESTS_KEX(emit_keytest, openssh_rsa, OPENSSH_KEX_CMD) -PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD) @@ -600,9 +570,7 @@ PKDTESTS_HOSTKEY_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_HOSTKEY_CMD) #define CLIENT_ID_FILE OPENSSH_ECDSA256_TESTKEY PKDTESTS_DEFAULT(emit_keytest, openssh_e256, OPENSSH_CMD) PKDTESTS_DEFAULT(emit_keytest, openssh_cert_e256, OPENSSH_CERT_CMD) -PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_CMD) PKDTESTS_KEX(emit_keytest, openssh_e256, OPENSSH_KEX_CMD) -PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_keytest, openssh_e256, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_keytest, openssh_e256, OPENSSH_MAC_CMD) @@ -616,9 +584,7 @@ PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_e256, OPENSSH_MAC_CMD) #define CLIENT_ID_FILE OPENSSH_ED25519_TESTKEY PKDTESTS_DEFAULT(emit_keytest, openssh_ed, OPENSSH_CMD) PKDTESTS_DEFAULT(emit_keytest, openssh_cert_ed, OPENSSH_CERT_CMD) -PKDTESTS_DEFAULT_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_CMD) PKDTESTS_KEX(emit_keytest, openssh_ed, OPENSSH_KEX_CMD) -PKDTESTS_KEX_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_keytest, openssh_ed, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_ed, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_keytest, openssh_ed, OPENSSH_MAC_CMD) @@ -658,9 +624,7 @@ struct { PKDTESTS_DEFAULT(emit_testmap, openssh_rsa, OPENSSH_CMD) PKDTESTS_DEFAULT(emit_testmap, openssh_cert_rsa, OPENSSH_CERT_CMD) PKDTESTS_DEFAULT(emit_testmap, openssh_sha256_cert_rsa, OPENSSH_SHA256_CERT_CMD) - PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CMD) PKDTESTS_KEX(emit_testmap, openssh_rsa, OPENSSH_KEX_CMD) - PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_testmap, openssh_rsa, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD) @@ -669,9 +633,7 @@ struct { PKDTESTS_DEFAULT(emit_testmap, openssh_e256, OPENSSH_CMD) PKDTESTS_DEFAULT(emit_testmap, openssh_cert_e256, OPENSSH_CERT_CMD) - PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CMD) PKDTESTS_KEX(emit_testmap, openssh_e256, OPENSSH_KEX_CMD) - PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_testmap, openssh_e256, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_testmap, openssh_e256, OPENSSH_MAC_CMD) @@ -679,9 +641,7 @@ struct { PKDTESTS_DEFAULT(emit_testmap, openssh_ed, OPENSSH_CMD) PKDTESTS_DEFAULT(emit_testmap, openssh_cert_ed, OPENSSH_CERT_CMD) - PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_CMD) PKDTESTS_KEX(emit_testmap, openssh_ed, OPENSSH_KEX_CMD) - PKDTESTS_KEX_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_testmap, openssh_ed, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_ed, OPENSSH_CIPHER_CMD) PKDTESTS_MAC(emit_testmap, openssh_ed, OPENSSH_MAC_CMD) @@ -713,7 +673,6 @@ static int pkd_run_tests(void) { PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_rsa, OPENSSH_CERT_CMD) PKDTESTS_DEFAULT_FIPS(emit_unit_test_comma, openssh_sha256_cert_rsa, OPENSSH_SHA256_CERT_CMD) - PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_rsa, OPENSSH_CMD) PKDTESTS_KEX(emit_unit_test_comma, openssh_rsa, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_unit_test_comma, openssh_rsa, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_unit_test_comma, openssh_rsa, OPENSSH_CIPHER_CMD) @@ -722,7 +681,6 @@ static int pkd_run_tests(void) { PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_e256, OPENSSH_CMD) PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_e256, OPENSSH_CERT_CMD) - PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_e256, OPENSSH_CMD) PKDTESTS_KEX(emit_unit_test_comma, openssh_e256, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_unit_test_comma, openssh_e256, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_unit_test_comma, openssh_e256, OPENSSH_CIPHER_CMD) @@ -731,7 +689,6 @@ static int pkd_run_tests(void) { PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_ed, OPENSSH_CMD) PKDTESTS_DEFAULT(emit_unit_test_comma, openssh_cert_ed, OPENSSH_CERT_CMD) - PKDTESTS_DEFAULT_OPENSSHONLY(emit_unit_test_comma, openssh_ed, OPENSSH_CMD) PKDTESTS_KEX(emit_unit_test_comma, openssh_ed, OPENSSH_KEX_CMD) PKDTESTS_CIPHER(emit_unit_test_comma, openssh_ed, OPENSSH_CIPHER_CMD) PKDTESTS_CIPHER_OPENSSHONLY(emit_unit_test_comma, openssh_ed, OPENSSH_CIPHER_CMD)