4becc8eb82
kex: Add sntrup761x25519-sha512@openssh.com.
...
All of the initial work was done by Simon. Jakub cleaned up the
formatting issues, resolved the padding of bignum to match specs
and be interoperable with OpenSSH (and few more minor details).
Closes : #194 .
Signed-off-by: Simon Josefsson <simon@josefsson.org >
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
Reviewed-by: Sahana Prasad <sahana@redhat.com >
2025-01-21 11:32:49 +01:00
0882338142
Detect blowfish in mbedtls and skip it if not found
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Sahana Prasad <sahana@redhat.com >
2024-05-16 09:56:38 +02:00
f9147a3cf4
Remove zlib from the default compression methods and fips methods
...
Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com >
Reviewed-by: Jakub Jelen <jjelen@redhat.com >
2023-03-28 11:36:44 +02:00
22f89e043b
tests: Test MAC algorithm mismatch when AEAD cipher is selected
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com >
2020-10-14 11:07:18 +02:00
9eb1ce88ae
kex: Add support for diffie-hellman-group14-sha256
...
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2020-04-06 09:27:26 +02:00
7ec67011c5
tests: use OpenSSH-provided ciphers
...
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2019-12-23 14:31:32 +01:00
bdb2ef4dcc
tests/torture_algorithms: Skip some tests in FIPS mode
...
When running in FIPS mode, skip the tests using algorithms not allowed.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2019-06-13 16:28:25 +02:00
bb7920efbc
tests: Avoid reading user configuration when running algorithm tests
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2019-04-29 13:18:09 +02:00
4a67c19118
Add tests and implementation for Encrypt-then-MAC mode
...
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com >
Reviewed-by: Jon Simons <jon@jonsimons.org >
Reviewed-by: Jakub Jelen <jjelen@redhat.com >
2019-02-22 15:31:08 +01:00
fffa66698f
Allow building without Group Exchange support
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2019-02-07 10:30:05 +01:00
31da8025b2
tests: Add dh-group-exchange algorithm tests
...
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be >
Reviewed-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2019-01-24 11:56:23 +01:00
42c92074b9
tests: Do not run SSHD with PAM when not needed
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Daiki Ueno <dueno@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2019-01-09 10:14:56 +01:00
dea6fe3d89
crypto: Disable blowfish support by default
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
Reviewed-by: Jakub Jelen <jjelen@redhat.com >
2018-12-19 14:57:29 +01:00
05417665b9
tests: Drop duplicate log level setup
...
Already done in the setup phase.
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-11-23 17:30:16 +01:00
8e002b9415
tests: Add tests for dh-group14, group16 and group18
...
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be >
Reviewed-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-11-21 16:54:24 +01:00
42bd7cdf6c
tests: Add aes-gcm ciphers tests
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-10-09 13:05:38 +02:00
b4462bdea0
tests: Use assert_ssh_return_code() in torture_algorithms
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-07-02 08:03:20 +02:00
a4a6017e6e
tests: add algorithm tests for kex curve25519
...
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-29 15:57:45 +02:00
23accdde1a
tests: send more packets of various sizes
...
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-28 09:06:30 +02:00
27711f6a4c
tests: test for chacha20-poly1305@openssh.com
...
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2018-06-28 09:06:30 +02:00
72f6b34dbc
tests: We should only init and finalize libssh once
...
This should fix a segfault with gcrypt.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2018-05-07 08:33:32 +02:00
176b92a4f4
tests/client/algorithms: Respect global verbosity settings
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2017-12-21 11:43:19 +01:00
b92c499626
tests: Do not test blowfish ciphers with OpenSSH 7.6 and newer
2017-12-15 11:59:19 +01:00
9d79b7629c
torture_algorithms: deduplicate kex method passes
...
Summary: Signed-off-by: Jon Simons <jon@jonsimons.org >
Test Plan: * Re-ran the `torture_algorithms` test.
Reviewers: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D8
2017-10-29 15:50:09 +01:00
f0ddde4826
Fix config.h includes
...
We need stdlib.h and string.h in priv.h for free() and memset().
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2017-10-28 14:31:37 +02:00
6252aab88a
ecdh: enable ecdh_sha2_nistp{384,521} kex methods
...
Summary:
Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com >
Signed-off-by: Jon Simons <jon@jonsimons.org >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
2017-08-24 18:18:41 +02:00
cbd75c3e35
tests: Switch to user bob in setup
...
This makes sure we can apply options correctly.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2016-02-03 09:01:24 +01:00
3014e3c458
tests: Migrate torture_algorithms to a cwrap test
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2016-01-14 08:04:49 +01:00
82a80b205b
tests: Migrate to new cmocka API
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org >
2015-09-07 10:40:12 +02:00
d42a1a35b0
tests: allow conditionnal execution on pattern
...
Option can be used to filter out irrelevant tests
usage: ./torture_pki '*ed25519'
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be >
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2015-02-02 17:34:15 +01:00
c520d97dd9
Add tests for SHA2 HMAC algorithms
...
BUG: https://red.libssh.org/issues/91
Reviewed-by: Andreas Schneider <asn@cryptomilk.org >
2014-04-22 10:57:35 +02:00
0493c1fea9
tests: Don't run ecdh tests if not supported by crypto lib.
2012-10-07 12:04:58 +02:00
6859e4f4ec
build: Fix zlib support.
2011-09-23 22:57:21 +02:00
43fc7553f8
torture_algorithm: follow verbosity
2011-09-23 22:57:05 +02:00
e236577503
tests: Enable ecdh_sha2_nistp256 test only with openssl.
2011-08-30 09:34:23 +02:00
d0d9e62611
tests: Fix torture test with zlib support.
2011-08-22 08:26:02 +02:00
113de13543
Test for ecdh and dh-group1
2011-06-12 20:54:33 +02:00
2464a25de7
tests: Fixed a build warning introduced before.
2011-01-03 09:02:34 +01:00
e12253168c
tests: Call init and finalize in client torture tests.
2011-01-03 08:46:14 +01:00
0b2cf70622
tests: Migrated torture_algorithms to cmockery.
2010-12-28 22:14:47 +01:00
32c0e1c99a
test: Added openssh checks to the compression tests.
2010-12-27 22:47:37 +01:00
da9cd2e64d
Implemented zlib@openssh.com compression
2010-10-04 16:19:20 +02:00
5dd4f7604f
tests: Move client tests to a seperate directory.
...
Tests which require a running sshd should go to tests/client.
2010-06-03 12:36:00 +02:00
