Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Commits
[openssh] 01/05: upstream: Add interop test with Dropbear.
git+noreply at mindrot
Oct 20, 2023, 2:45 AM
Post #1 of 1 (39 views)
Permalink
This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit fbaa707d455a61d0aef8ae65e02a25bac5351e5c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date: Fri Oct 20 06:56:45 2023 +0000

upstream: Add interop test with Dropbear.

Right now this is only dbclient not the Dropbear server since it won't
currently run as a ProxyCommand.

OpenBSD-Regress-ID: 8cb898c414fcdb252ca6328896b0687acdaee496
---
regress/Makefile | 4 +++-
regress/dropbear-ciphers.sh | 33 +++++++++++++++++++++++++++++++++
regress/dropbear-kex.sh | 31 +++++++++++++++++++++++++++++++
regress/test-exec.sh | 36 +++++++++++++++++++++++++++++++++++-
4 files changed, 102 insertions(+), 2 deletions(-)

diff --git a/regress/Makefile b/regress/Makefile
index a3a35c25..d1e52b37 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.126 2023/09/06 23:36:09 djm Exp $
+# $OpenBSD: Makefile,v 1.128 2023/10/20 06:56:45 dtucker Exp $

tests: prep file-tests t-exec unit

@@ -18,6 +18,7 @@ prep:
clean:
for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
rm -rf $(OBJ).putty
+ rm -rf $(OBJ).dropbear

distclean: clean

@@ -109,6 +110,7 @@ LTESTS= connect \
match-subsystem

INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
+INTEROP_TESTS+= dropbear-ciphers dropbear-kex
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp

EXTRA_TESTS= agent-pkcs11
diff --git a/regress/dropbear-ciphers.sh b/regress/dropbear-ciphers.sh
new file mode 100644
index 00000000..2e0f9a1d
--- /dev/null
+++ b/regress/dropbear-ciphers.sh
@@ -0,0 +1,33 @@
+# $OpenBSD: dropbear-ciphers.sh,v 1.1 2023/10/20 06:56:45 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dropbear ciphers"
+
+if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
+ skip "dropbear interop tests not enabled"
+fi
+
+cat >>$OBJ/sshd_proxy <<EOD
+PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
+HostkeyAlgorithms +ssh-rsa,ssh-dss
+EOD
+
+ciphers=`$DBCLIENT -c help 2>&1 | awk '/ ciphers: /{print $4}' | tr ',' ' '`
+macs=`$DBCLIENT -m help 2>&1 | awk '/ MACs: /{print $4}' | tr ',' ' '`
+keytype=`(cd $OBJ/.dropbear && ls id_*)`
+
+for c in $ciphers ; do
+ for m in $macs; do
+ for kt in $keytype; do
+ verbose "$tid: cipher $c mac $m kt $kt"
+ rm -f ${COPY}
+ env HOME=$OBJ dbclient -y -i $OBJ/.dropbear/$kt 2>$OBJ/dbclient.log \
+ -c $c -m $m -J "$OBJ/ssh_proxy.sh" somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+ done
+ done
+done
+rm -f ${COPY}
diff --git a/regress/dropbear-kex.sh b/regress/dropbear-kex.sh
new file mode 100644
index 00000000..a25de3ed
--- /dev/null
+++ b/regress/dropbear-kex.sh
@@ -0,0 +1,31 @@
+# $OpenBSD: dropbear-kex.sh,v 1.1 2023/10/20 06:56:45 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dropbear kex"
+
+if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
+ skip "dropbear interop tests not enabled"
+fi
+
+cat >>$OBJ/sshd_proxy <<EOD
+PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
+HostkeyAlgorithms +ssh-rsa,ssh-dss
+EOD
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
+
+kex="curve25519-sha256 curve25519-sha256@libssh.org
+ diffie-hellman-group14-sha256 diffie-hellman-group14-sha1"
+
+for k in $kex; do
+ verbose "$tid: kex $k"
+ rm -f ${COPY}
+ # dbclient doesn't have switch for kex, so force in server
+ (cat $OBJ/sshd_proxy.bak; echo "KexAlgorithms $k") >$OBJ/sshd_proxy
+ env HOME=$OBJ dbclient -y -i $OBJ/.dropbear/id_rsa 2>$OBJ/dbclient.log \
+ -J "$OBJ/ssh_proxy.sh" somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+done
+rm -f ${COPY}
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index d060b79d..995b4890 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: test-exec.sh,v 1.99 2023/10/12 03:48:53 djm Exp $
+# $OpenBSD: test-exec.sh,v 1.100 2023/10/20 06:56:45 dtucker Exp $
# Placed in the Public Domain.

#SUDO=sudo
@@ -99,6 +99,10 @@ SSH_REGRESS_TMP=
PLINK=plink
PUTTYGEN=puttygen
CONCH=conch
+DROPBEAR=dropbear
+DBCLIENT=dbclient
+DROPBEARKEY=dropbearkey
+DROPBEARCONVERT=dropbearconvert

# Tools used by multiple tests
NC=$OBJ/netcat
@@ -790,6 +794,30 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
export PUTTYDIR
fi

+REGRESS_INTEROP_DROPBEAR=no
+if test -x "$DROPBEARKEY" -a -x "$DBCLIENT" -a -x "$DROPBEARCONVERT"; then
+ REGRESS_INTEROP_DROPBEAR=yes
+fi
+case "$SCRIPT" in
+*dropbear*) ;;
+*) REGRESS_INTEROP_DROPBEAR=no ;;
+esac
+
+if test "$REGRESS_INTEROP_DROPBEAR" = "yes" ; then
+ trace Create dropbear keys and add to authorized_keys
+ mkdir -p $OBJ/.dropbear
+ for i in rsa ecdsa ed25519 dss; do
+ if [ ! -f "$OBJ/.dropbear/id_$i" ]; then
+ ($DROPBEARKEY -t $i -f $OBJ/.dropbear/id_$i
+ $DROPBEARCONVERT dropbear openssh \
+ $OBJ/.dropbear/id_$i $OBJ/.dropbear/ossh.id_$i
+ ) > /dev/null 2>&1
+ fi
+ $SSHKEYGEN -y -f $OBJ/.dropbear/ossh.id_$i \
+ >>$OBJ/authorized_keys_$USER
+ done
+fi
+
# create a proxy version of the client config
(
cat $OBJ/ssh_config
@@ -799,6 +827,12 @@ fi
# check proxy config
${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"

+# extract proxycommand into separate shell script for use by Dropbear.
+echo '#!/bin/sh' >$OBJ/ssh_proxy.sh
+awk '/^proxycommand/' $OBJ/ssh_proxy | sed 's/^proxycommand//' \
+ >>$OBJ/ssh_proxy.sh
+chmod a+x $OBJ/ssh_proxy.sh
+
start_sshd ()
{
# start sshd

--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal