diff --git a/.github/workflows/ubuntu.yaml b/.github/workflows/ubuntu.yaml
index f4f83dc2017a..2ec0b16d6e01 100644
--- a/.github/workflows/ubuntu.yaml
+++ b/.github/workflows/ubuntu.yaml
@@ -22,3 +22,9 @@ jobs:
 run: ./oqs-test/run_tests.sh
 - name: Ensure we have the ssh and sshd syntax right once for each algorithm
 run: python3 oqs-test/try_connection.py doone
+ - name: Test System OpenSSH Interop
+ run: |
+ which ssh
+ ssh -Q PubkeyAcceptedKeyTypes
+ ssh -V
+ python3 ./oqs-test/try_connection.py --ssh `which ssh` --kex sntrup761x25519-sha512@openssh.com --sig ssh-ed25519 doone
\ No newline at end of file
diff --git a/oqs-test/try_connection.py b/oqs-test/try_connection.py
index 050cbe184f59..b092d99e744a 100644
--- a/oqs-test/try_connection.py
+++ b/oqs-test/try_connection.py
@@ -110,6 +110,7 @@
 "ssh-mayo5",
 "ssh-ecdsa-nistp521-mayo5",
 ##### OQS_TEMPLATE_FRAGMENT_LIST_ALL_SIGS_END
+ "ssh-ed25519", # Classical signature algorithm for OpenSSH interop testing
 ]
 def do_handshake(ssh, sshd, test_sig, test_kex):
@@ -146,11 +147,11 @@ def do_handshake(ssh, sshd, test_sig, test_kex):
 print("Success! Key Exchange Algorithm: {}. Signature Algorithm: {}.".format(test_kex, test_sig))
-def try_handshake(ssh, sshd, dorandom="random"):
+def try_handshake(ssh, sshd, test_kexes, test_sigs, dorandom="random"):
 if dorandom!="random":
- for test_kex in kexs:
- for test_sig in sigs:
- if dorandom=="doall" or (dorandom=="doone" and (test_kex==kexs[0] or test_sig==sigs[0])):
+ for test_kex in test_kexes:
+ for test_sig in test_sigs:
+ if dorandom=="doall" or (dorandom=="doone" and (test_kex==test_kexes[0] or test_sig==test_sigs[0])):
 do_handshake(ssh, sshd, test_sig, test_kex)
 else:
 test_sig = random.choice(sigs)
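Review bot: The last command of the new step passes `--kex sntrup761x25519-sha512@openssh.com`, but `--kex` is declared with `choices=kexs` and this commit adds nothing to `kexs` (only `ssh-ed25519` to `sigs`), so unless that name is already in the list argparse will reject the call before any handshake runs. The step also depends on whichever OpenSSH the runner image ships: `ssh -V` prints the version but nothing checks that the client offers the requested KEX, and a guard such as `ssh -Q kex | grep -qx 'sntrup761x25519-sha512@openssh.com'` ahead of the test would turn an image change into a clear failure. Prefer `--ssh "$(command -v ssh)"` over the unquoted backticks, and end the file with a newline.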
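Review bot: `ssh-ed25519` is appended to the shared `sigs` list, so it is not only an interop entry: `doall` will pair it with every KEX, and the `random` branch of try_handshake can pick it through `random.choice(sigs)`, which makes it possible for a random run to exercise no post-quantum signature at all. If that is not intended, keep classical algorithms in their own list, for example `classical_sigs = ["ssh-ed25519"]`, and declare the option with `choices=sigs + classical_sigs`. Placing the entry after the `OQS_TEMPLATE_FRAGMENT_LIST_ALL_SIGS_END` marker looks deliberate, presumably so the template generator does not overwrite it; the comment should say so. The list starts outside the hunk.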
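Review bot: The `else` branch still draws from the global list, `test_sig = random.choice(sigs)`, so in `random` mode the new `test_sigs` parameter is ignored and `--sig` from the last hunk silently has no effect; the KEX pick on the following line is outside the hunk and presumably has the same problem with `test_kexes`. Use `test_sig = random.choice(test_sigs)` with the matching `random.choice(test_kexes)`, or have the parser reject `--kex`/`--sig` when `dorandom` is `random`. The two new parameters are also inserted before `dorandom`, so any other caller using the old positional form `try_handshake(ssh, sshd, "doall")` would now bind the mode string to `test_kexes`; only the `__main__` call site is visible here. try_handshake's body continues outside the hunk.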
@@ -160,9 +161,13 @@ def try_handshake(ssh, sshd, dorandom="random"):
 if __name__ == '__main__':
 parser = argparse.ArgumentParser(description="Test connections between ssh and sshd using PQ algorithms.")
 parser.add_argument("--ssh", default=os.path.abspath('ssh'), type=str, help="Override the ssh binary.")
+ parser.add_argument("--kex", choices=kexs, help="Specific KEX algorithm to test.")
+ parser.add_argument("--sig", choices=sigs, help="Specific SIG algorithm to test.")
 parser.add_argument("--sshd", default=os.path.abspath('sshd'), type=str, help="Override the sshd binary.")
 parser.add_argument("dorandom", type=str, default="random", choices=["doall", "doone", "random"], help="Slice of test cases to run.")
 args = parser.parse_args()
- try_handshake(args.ssh, args.sshd, args.dorandom)
+ test_kexes = [args.kex] if args.kex else kexs
+ test_sigs = [args.sig] if args.sig else sigs
+ try_handshake(args.ssh, args.sshd, test_kexes, test_sigs, args.dorandom)