lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-12-03 13:31:11 +03:00
Code Activity
6,430 Commits 12 Branches 62 Tags
a9c8f942a539953c128781254773bc6c241e2b35
Commit Graph

45 Commits

Author SHA1 Message Date
Sahana Prasad
a9c8f942a5 kex: Implement mlkem768x25519-sha256 
The implementation largely follows that of sntrup761x25519-sha512.

Most of the work was done by Sahana with the help of Claude,
Pavol provided fixes to match specs and did a final clean up.

Co-Authored-By: Sahana Prasad <sahana@redhat.com>
Co-Authored-By: Pavol Žáčik <pzacik@redhat.com>
Co-Authored-By: Claude <noreply@anthropic.com>

Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2025-11-05 17:44:33 +01:00
Jakub Jelen
6ca59307d4 Add non-namespaced alias sntrup761x25519-sha512 that is being standardized 
The specification is now in the last call, data point is allocated so there is
no need to stick to the namespaces alias anymore

https://datatracker.ietf.org/doc/draft-ietf-sshm-ntruprime-ssh/

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-09-10 12:23:08 +02:00
Simon Josefsson
4becc8eb82 kex: Add sntrup761x25519-sha512@openssh.com. 
All of the initial work was done by Simon. Jakub cleaned up the
formatting issues, resolved the padding of bignum to match specs
and be interoperable with OpenSSH (and few more minor details).

Closes: #194.

Signed-off-by: Simon Josefsson <simon@josefsson.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2025-01-21 11:32:49 +01:00
Jakub Jelen
0882338142 Detect blowfish in mbedtls and skip it if not found 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
 2024-05-16 09:56:38 +02:00
khalid
f9147a3cf4 Remove zlib from the default compression methods and fips methods 
Signed-off-by: Khalid Mamdouh <khalidmamdou7@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2023-03-28 11:36:44 +02:00
Jakub Jelen
22f89e043b tests: Test MAC algorithm mismatch when AEAD cipher is selected 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
 2020-10-14 11:07:18 +02:00
Anderson Toshiyuki Sasaki
9eb1ce88ae kex: Add support for diffie-hellman-group14-sha256 
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2020-04-06 09:27:26 +02:00
Aris Adamantiadis
7ec67011c5 tests: use OpenSSH-provided ciphers 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-12-23 14:31:32 +01:00
Anderson Toshiyuki Sasaki
bdb2ef4dcc tests/torture_algorithms: Skip some tests in FIPS mode 
When running in FIPS mode, skip the tests using algorithms not allowed.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-06-13 16:28:25 +02:00
Jakub Jelen
bb7920efbc tests: Avoid reading user configuration when running algorithm tests 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-04-29 13:18:09 +02:00
Dirkjan Bussink
4a67c19118 Add tests and implementation for Encrypt-then-MAC mode 
This adds the OpenSSH HMACs that do encrypt then mac. This is a more
secure mode than the original HMAC. Newer AEAD ciphers like chacha20 and
AES-GCM are already encrypt-then-mac, but this also adds it for older
legacy clients that don't support those ciphers yet.

Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2019-02-22 15:31:08 +01:00
Jakub Jelen
fffa66698f Allow building without Group Exchange support 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-02-07 10:30:05 +01:00
Aris Adamantiadis
31da8025b2 tests: Add dh-group-exchange algorithm tests 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-24 11:56:23 +01:00
Jakub Jelen
42c92074b9 tests: Do not run SSHD with PAM when not needed 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2019-01-09 10:14:56 +01:00
Andreas Schneider
dea6fe3d89 crypto: Disable blowfish support by default 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
 2018-12-19 14:57:29 +01:00
Jakub Jelen
05417665b9 tests: Drop duplicate log level setup 
Already done in the setup phase.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-23 17:30:16 +01:00
Aris Adamantiadis
8e002b9415 tests: Add tests for dh-group14, group16 and group18 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-11-21 16:54:24 +01:00
Jakub Jelen
42bd7cdf6c tests: Add aes-gcm ciphers tests 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-10-09 13:05:38 +02:00
Andreas Schneider
b4462bdea0 tests: Use assert_ssh_return_code() in torture_algorithms 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-07-02 08:03:20 +02:00
Tilo Eckert
a4a6017e6e tests: add algorithm tests for kex curve25519 
Signed-off-by: Tilo Eckert <tilo.eckert@flam.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-29 15:57:45 +02:00
Aris Adamantiadis
23accdde1a tests: send more packets of various sizes 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Aris Adamantiadis
27711f6a4c tests: test for chacha20-poly1305@openssh.com 
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2018-06-28 09:06:30 +02:00
Andreas Schneider
72f6b34dbc tests: We should only init and finalize libssh once 
This should fix a segfault with gcrypt.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2018-05-07 08:33:32 +02:00
Jakub Jelen
176b92a4f4 tests/client/algorithms: Respect global verbosity settings 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2017-12-21 11:43:19 +01:00
Jakub Jelen
b92c499626 tests: Do not test blowfish ciphers with OpenSSH 7.6 and newer 2017-12-15 11:59:19 +01:00
Jon Simons
9d79b7629c torture_algorithms: deduplicate kex method passes 
Summary: Signed-off-by: Jon Simons <jon@jonsimons.org>

Test Plan:  * Re-ran the `torture_algorithms` test.

Reviewers: asn

Tags: #libssh

Differential Revision: https://bugs.libssh.org/D8
 2017-10-29 15:50:09 +01:00
Andreas Schneider
f0ddde4826 Fix config.h includes 
We need stdlib.h and string.h in priv.h for free() and memset().

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2017-10-28 14:31:37 +02:00
Jon Simons
6252aab88a ecdh: enable ecdh_sha2_nistp{384,521} kex methods 
Summary:
Based on Dirkjan's original patch series here:

 * https://www.libssh.org/archive/libssh/2015-08/0000029.html

Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.

Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

Test Plan:
 * Ran pkd tests for libcrypto and libgcrypt builds.
 * Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
 * Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").

Reviewers: aris, asn

Tags: #libssh

Differential Revision: https://bugs.libssh.org/D7
 2017-08-24 18:18:41 +02:00
Andreas Schneider
cbd75c3e35 tests: Switch to user bob in setup 
This makes sure we can apply options correctly.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-02-03 09:01:24 +01:00
Andreas Schneider
3014e3c458 tests: Migrate torture_algorithms to a cwrap test 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2016-01-14 08:04:49 +01:00
Andreas Schneider
82a80b205b tests: Migrate to new cmocka API 
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
 2015-09-07 10:40:12 +02:00
Aris Adamantiadis
d42a1a35b0 tests: allow conditionnal execution on pattern 
Option can be used to filter out irrelevant tests
usage: ./torture_pki '*ed25519'

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2015-02-02 17:34:15 +01:00
Dirkjan Bussink
c520d97dd9 Add tests for SHA2 HMAC algorithms 
BUG: https://red.libssh.org/issues/91

Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
 2014-04-22 10:57:35 +02:00
Andreas Schneider
0493c1fea9 tests: Don't run ecdh tests if not supported by crypto lib. 2012-10-07 12:04:58 +02:00
Andreas Schneider
6859e4f4ec build: Fix zlib support. 2011-09-23 22:57:21 +02:00
Aris Adamantiadis
43fc7553f8 torture_algorithm: follow verbosity 2011-09-23 22:57:05 +02:00
Andreas Schneider
e236577503 tests: Enable ecdh_sha2_nistp256 test only with openssl. 2011-08-30 09:34:23 +02:00
Andreas Schneider
d0d9e62611 tests: Fix torture test with zlib support. 2011-08-22 08:26:02 +02:00
Aris Adamantiadis
113de13543 Test for ecdh and dh-group1 2011-06-12 20:54:33 +02:00
Andreas Schneider
2464a25de7 tests: Fixed a build warning introduced before. 2011-01-03 09:02:34 +01:00
Andreas Schneider
e12253168c tests: Call init and finalize in client torture tests. 2011-01-03 08:46:14 +01:00
Andreas Schneider
0b2cf70622 tests: Migrated torture_algorithms to cmockery. 2010-12-28 22:14:47 +01:00
Andreas Schneider
32c0e1c99a test: Added openssh checks to the compression tests. 2010-12-27 22:47:37 +01:00
Aris Adamantiadis
da9cd2e64d Implemented zlib@openssh.com compression 2010-10-04 16:19:20 +02:00
Andreas Schneider
5dd4f7604f tests: Move client tests to a seperate directory. 
Tests which require a running sshd should go to tests/client.
 2010-06-03 12:36:00 +02:00