From bcfe7340d9b622ecd978c87dbf885c8b5a503ca2 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Sat, 28 Jun 2025 13:34:08 +0000 Subject: [PATCH] upstream: Add simple regression test for dropbear as a server. OpenBSD-Regress-ID: 7abe1f6607d0cd49839918aade8f135d2462d389 --- regress/Makefile | 4 +-- regress/dropbear-server.sh | 62 ++++++++++++++++++++++++++++++++++++++ regress/test-exec.sh | 4 +-- 3 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 regress/dropbear-server.sh diff --git a/regress/Makefile b/regress/Makefile index d0298d45e..b8787205a 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.138 2025/06/24 12:28:23 dtucker Exp $ +# $OpenBSD: Makefile,v 1.139 2025/06/28 13:34:08 dtucker Exp $ tests: prep file-tests t-exec unit @@ -116,7 +116,7 @@ LTESTS= connect \ penalty-expire INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers -INTEROP_TESTS+= dropbear-ciphers dropbear-kex +INTEROP_TESTS+= dropbear-ciphers dropbear-kex dropbear-server #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp EXTRA_TESTS= agent-pkcs11 diff --git a/regress/dropbear-server.sh b/regress/dropbear-server.sh new file mode 100644 index 000000000..d3ea6dcc5 --- /dev/null +++ b/regress/dropbear-server.sh 
@@ -0,0 +1,62 @@
+# $OpenBSD: dropbear-server.sh,v 1.1 2025/06/28 13:34:08 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dropbear server"
+
+if test "x$REGRESS_INTEROP_DROPBEAR" != "xyes" ; then
+ skip "dropbear interop tests not enabled"
+fi
+
+if [ -z "$SUDO" -a ! -w /var/run ]; then
+ skip "need SUDO to create dir in /var/run, test won't work without"
+fi
+authkeydir=/var/run/dropbear-regress
+
+ciphers=`$DBCLIENT -c help hst 2>&1 | awk '/ ciphers: /{print $4}' | tr ',' ' '`
+macs=`$DBCLIENT -m help hst 2>&1 | awk '/ MACs: /{print $4}' | tr ',' ' '`
+if [ -z "$macs" ] || [ -z "$ciphers" ]; then
+ skip "dbclient query ciphers '$ciphers' or macs '$macs' failed"
+fi
+
+# Set up authorized_keys for dropbear.
+umask 077
+$SUDO mkdir -p $authkeydir
+$SUDO chown -R $USER $authkeydir
+cp $OBJ/authorized_keys_$USER $authkeydir/authorized_keys
+
+for i in `$SUDO $SSHD -f $OBJ/sshd_config -T | grep -v sk- | \
+ awk '$1=="hostkey" {print $2}'`; do
+ file=`basename "$i"`
+ file=`echo "$file" | sed s/^host\./db\./g`
+ if $SUDO $DROPBEARCONVERT openssh dropbear "$i" "$OBJ/$file" \
+ >/dev/null 2>&1; then
+ $SUDO chown $USER $OBJ/$file
+ hkeys="-r $OBJ/$file"
+ fi
+done
+
+rm -f $OBJ/dropbear.pid
+$DROPBEAR -D $authkeydir -p $PORT -P $OBJ/dropbear.pid $hkeys -E \
+ 2>$OBJ/sshd.log
+if [ $? -ne 0 ]; then
+ fatal "starting dropbear server failed"
+fi
+while [ ! -f $OBJ/dropbear.pid ]; do
+ sleep 1
+done
+
+pid=`cat $OBJ/dropbear.pid`
+trap "kill $pid; $SUDO rm -rf $authkeydir" 0
+
+for c in $ciphers; do
+ for m in $macs; do
+ trace "$tid: cipher $c mac $m hk $hk"
+ rm -f ${COPY}
+ ${SSH} -F $OBJ/ssh_config -oCiphers=$c -oMacs=$m \
+ somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "connect dropbear server failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+ done
+done
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index d4d40c2ae..0ecf6c5a8 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
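Review bot: In regress/dropbear-server.sh the pid-file wait (`while [ ! -f $OBJ/dropbear.pid ]`) has no upper bound, and the `trap` that kills dropbear and removes `$authkeydir` is only installed after that loop, so a server that dies before writing its pid file would presumably hang the run, and any earlier exit leaves `/var/run/dropbear-regress` with its `authorized_keys` in place. I would install the directory cleanup directly after the `mkdir` (`trap "$SUDO rm -rf $authkeydir" 0`), re-arm it with the `kill` once the pid is known, and bound the loop with a counter that calls `fatal` after a fixed number of one-second sleeps. Separately, `hkeys="-r $OBJ/$file"` overwrites on each iteration, so only the last converted host key reaches dropbear, and `hkeys` is never initialised, so an inherited value or no `-r` at all is possible; `hkeys="$hkeys -r $OBJ/$file"` with `hkeys=""` before the loop would pass every converted key, if that is the intent. The `trace` line prints `hk $hk`, but `hk` is never assigned in this file.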
@@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.129 2025/05/24 04:40:37 djm Exp $ +# $OpenBSD: test-exec.sh,v 1.130 2025/06/28 13:34:08 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -101,7 +101,7 @@ SSH_REGRESS_TMP= PLINK=/usr/local/bin/plink PUTTYGEN=/usr/local/bin/puttygen CONCH=/usr/local/bin/conch -DROPBEAR=/usr/local/bin/dropbear +DROPBEAR=/usr/local/sbin/dropbear DBCLIENT=/usr/local/bin/dbclient DROPBEARKEY=/usr/local/bin/dropbearkey DROPBEARCONVERT=/usr/local/bin/dropbearconvert -- 2.47.2