upstream: Add simple regression test for dropbear as a server.

OpenBSD-Regress-ID: 7abe1f6607d0cd49839918aade8f135d2462d389

diff --git a/regress/Makefile b/regress/Makefile
index d0298d45e0090a9d876b5645dc1cd610102fc59e..b8787205a15f3caa09daf09d402d816ad04b4190 100644 (file)
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.138 2025/06/24 12:28:23 dtucker Exp $
+#      $OpenBSD: Makefile,v 1.139 2025/06/28 13:34:08 dtucker Exp $
 
 tests:         prep file-tests t-exec unit
 
@@ -116,7 +116,7 @@ LTESTS=     connect \
                penalty-expire
 
 INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
-INTEROP_TESTS+=        dropbear-ciphers dropbear-kex
+INTEROP_TESTS+=        dropbear-ciphers dropbear-kex dropbear-server
 #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
 
 EXTRA_TESTS=   agent-pkcs11

diff --git a/regress/dropbear-server.sh b/regress/dropbear-server.sh
new file mode 100644 (file)
index 0000000..d3ea6dc
--- /dev/null
+++ b/regress/dropbear-server.sh
@@ -0,0 +1,62 @@
+#      $OpenBSD: dropbear-server.sh,v 1.1 2025/06/28 13:34:08 dtucker Exp $
+#      Placed in the Public Domain.
+
+tid="dropbear server"
+
+if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
+       skip "dropbear interop tests not enabled"
+fi
+
+if [ -z "$SUDO" -a ! -w /var/run ]; then
+       skip "need SUDO to create dir in /var/run, test won't work without"
+fi
+authkeydir=/var/run/dropbear-regress
+
+ciphers=`$DBCLIENT -c help hst 2>&1 | awk '/ ciphers: /{print $4}' | tr ',' ' '`
+macs=`$DBCLIENT -m help hst 2>&1 | awk '/ MACs: /{print $4}' | tr ',' ' '`
+if [ -z "$macs" ] || [ -z "$ciphers" ]; then
+       skip "dbclient query ciphers '$ciphers' or macs '$macs' failed"
+fi
+
+# Set up authorized_keys for dropbear.
+umask 077
+$SUDO mkdir -p $authkeydir
+$SUDO chown -R $USER $authkeydir
+cp $OBJ/authorized_keys_$USER $authkeydir/authorized_keys
+
+for i in `$SUDO $SSHD -f $OBJ/sshd_config -T | grep -v sk- | \
+    awk '$1=="hostkey" {print $2}'`; do
+       file=`basename "$i"`
+       file=`echo "$file" | sed s/^host\./db\./g`
+       if $SUDO $DROPBEARCONVERT openssh dropbear "$i" "$OBJ/$file" \
+           >/dev/null 2>&1; then
+               $SUDO chown $USER $OBJ/$file
+               hkeys="-r $OBJ/$file"
+       fi
+done
+
+rm -f $OBJ/dropbear.pid
+$DROPBEAR -D $authkeydir -p $PORT -P $OBJ/dropbear.pid $hkeys -E \
+    2>$OBJ/sshd.log
+if [ $? -ne 0 ]; then
+       fatal "starting dropbear server failed"
+fi
+while [ ! -f $OBJ/dropbear.pid ]; do
+       sleep 1
+done
+
+pid=`cat $OBJ/dropbear.pid`
+trap "kill $pid; $SUDO rm -rf $authkeydir" 0
+
+for c in $ciphers; do
+  for m in $macs; do
+       trace "$tid: cipher $c mac $m hk $hk"
+       rm -f ${COPY}
+       ${SSH} -F $OBJ/ssh_config -oCiphers=$c -oMacs=$m \
+          somehost cat ${DATA} > ${COPY}
+       if [ $? -ne 0 ]; then
+               fail "connect dropbear server failed"
+       fi
+       cmp ${DATA} ${COPY}             || fail "corrupted copy"
+  done
+done

diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index d4d40c2ae893b358b9c1ba0a3843ebe4ae07834b..0ecf6c5a83c06341127aadf9ff2d61cd04fccd80 100644 (file)
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
-#      $OpenBSD: test-exec.sh,v 1.129 2025/05/24 04:40:37 djm Exp $
+#      $OpenBSD: test-exec.sh,v 1.130 2025/06/28 13:34:08 dtucker Exp $
 #      Placed in the Public Domain.
 
 #SUDO=sudo
@@ -101,7 +101,7 @@ SSH_REGRESS_TMP=
 PLINK=/usr/local/bin/plink
 PUTTYGEN=/usr/local/bin/puttygen
 CONCH=/usr/local/bin/conch
-DROPBEAR=/usr/local/bin/dropbear
+DROPBEAR=/usr/local/sbin/dropbear
 DBCLIENT=/usr/local/bin/dbclient
 DROPBEARKEY=/usr/local/bin/dropbearkey
 DROPBEARCONVERT=/usr/local/bin/dropbearconvert