xref: /openbsd-src/regress/usr.bin/ssh/Makefile (revision b5faf0e69814e8c1113ed95f6f1174b999496793) 
1#	$OpenBSD: Makefile,v 1.135 2024/06/14 04:43:11 djm Exp $
2
3OPENSSL?=	yes
4
5# Unit tests require OpenSSL.
6.if !defined(SKIP_UNIT) && ${OPENSSL:L} == yes
7SUBDIR=		unittests
8.endif
9SUBDIR+=	misc
10
11REGRESS_SETUP_ONCE=misc	# For sk-dummy.so
12
13# Key conversion operations are not supported when built w/out OpenSSL.
14.if !defined(LTESTS_FROM) && ${OPENSSL:L} != no
15REGRESS_TARGETS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12
16.endif
17
18LTESTS= 	connect \
19		proxy-connect \
20		sshfp-connect \
21		connect-privsep \
22		connect-uri \
23		proto-version \
24		proto-mismatch \
25		exit-status \
26		exit-status-signal \
27		envpass \
28		transfer \
29		banner \
30		rekey \
31		dhgex \
32		stderr-data \
33		stderr-after-eof \
34		broken-pipe \
35		try-ciphers \
36		yes-head \
37		login-timeout \
38		agent \
39		agent-getpeereid \
40		agent-timeout \
41		agent-ptrace \
42		agent-subprocess \
43		keyscan \
44		keygen-change \
45		keygen-comment \
46		keygen-convert \
47		keygen-knownhosts \
48		keygen-moduli \
49		keygen-sshfp \
50		key-options \
51		scp \
52		scp3 \
53		scp-uri \
54		sftp \
55		sftp-chroot \
56		sftp-cmds \
57		sftp-badcmds \
58		sftp-batch \
59		sftp-glob \
60		sftp-perm \
61		sftp-uri \
62		reconfigure \
63		dynamic-forward \
64		forwarding \
65		multiplex \
66		reexec \
67		brokenkeys \
68		sshcfgparse \
69		cfgparse \
70		cfgmatch \
71		cfgmatchlisten \
72		percent \
73		addrmatch \
74		localcommand \
75		forcecommand \
76		portnum \
77		keytype \
78		kextype \
79		cert-hostkey \
80		cert-userkey \
81		host-expand \
82		keys-command \
83		forward-control \
84		integrity \
85		krl \
86		multipubkey \
87		limit-keytype \
88		hostkey-agent \
89		hostkey-rotate \
90		principals-command \
91		cert-file \
92		cfginclude \
93		servcfginclude \
94		allow-deny-users \
95		authinfo \
96		sshsig \
97		knownhosts \
98		knownhosts-command \
99		agent-restrict \
100		hostbased \
101		channel-timeout \
102		connection-timeout \
103		match-subsystem \
104		agent-pkcs11-restrict \
105		agent-pkcs11-cert \
106		penalty \
107		penalty-expire
108
109INTEROP_TESTS=	putty-transfer putty-ciphers putty-kex conch-ciphers
110INTEROP_TESTS+=	dropbear-ciphers dropbear-kex
111#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
112
113EXTRA_TESTS=	agent-pkcs11
114#EXTRA_TESTS+= 	cipher-speed
115
116USERNAME!=	id -un
117CLEANFILES+=	*.core actual agent-key.* authorized_keys_${USERNAME} \
118		authorized_keys_${USERNAME}.* authorized_principals_${USERNAME} \
119		banner.in banner.out cert_host_key* cert_user_key* \
120		copy.1 copy.2 data ed25519-agent ed25519-agent* \
121		ed25519-agent.pub empty.in expect failed-regress.log \
122		failed-ssh.log failed-sshd.log hkr.* host.ecdsa-sha2-nistp256 \
123		host.ecdsa-sha2-nistp384 host.ecdsa-sha2-nistp521 \
124		host.ssh-dss host.ssh-ed25519 host.ssh-rsa \
125		host_* host_ca_key* host_krl_* host_revoked_* key.* \
126		key.dsa-* key.ecdsa-* key.ed25519-512 key.ed25519-512.pub \
127		key.rsa-* keys-command-args kh.* known_hosts askpass \
128		known_hosts-cert known_hosts.* krl-* ls.copy modpipe \
129		netcat pidfile putty.rsa2 ready regress.log remote_pid \
130		revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa_ssh2_cr.prv \
131		rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
132		scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
133		sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
134		ssh-agent.log ssh-add.log slow-sftp-server.sh \
135		ssh-rsa_oldfmt knownhosts_command \
136		ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
137		ssh_proxy_* sshd.log sshd_config sshd_config.* \
138		sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \
139		t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \
140		t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \
141		t9.out t9.out.pub \
142		timestamp testdata user_*key* user_ca* user_key*
143
144# Enable all malloc(3) randomisations and checks
145TEST_ENV=      "MALLOC_OPTIONS=CFGJRSUX"
146
147t1:
148	ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
149	tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv
150	ssh-keygen -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv
151	awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv
152	ssh-keygen -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv
153
154t2:
155	cat ${.CURDIR}/rsa_openssh.prv > t2.out
156	chmod 600 t2.out
157	ssh-keygen -yf t2.out | diff - ${.CURDIR}/rsa_openssh.pub
158
159t3:
160	ssh-keygen -ef ${.CURDIR}/rsa_openssh.pub |\
161		ssh-keygen -if /dev/stdin |\
162		diff - ${.CURDIR}/rsa_openssh.pub
163
164t4:
165	ssh-keygen -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\
166		awk '{print $$2}' | diff - ${.CURDIR}/t4.ok
167
168t5:
169	ssh-keygen -Bf ${.CURDIR}/rsa_openssh.pub |\
170		awk '{print $$2}' | diff - ${.CURDIR}/t5.ok
171
172t6:
173	set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
174		ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > t6.out1 ; \
175		ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > t6.out2 ; \
176		chmod 600 t6.out1 ; \
177		ssh-keygen -yf t6.out1 | diff - t6.out2 ; \
178	fi
179
180t7.out:
181	ssh-keygen -q -t rsa -N '' -f $@ ; \
182
183t7: t7.out
184	ssh-keygen -lf t7.out > /dev/null
185	ssh-keygen -Bf t7.out > /dev/null
186
187t8.out:
188	set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
189		ssh-keygen -q -t dsa -N '' -f $@ ; \
190	fi
191
192t8: t8.out
193	set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
194		ssh-keygen -lf t8.out > /dev/null ; \
195		ssh-keygen -Bf t8.out > /dev/null ; \
196	fi
197
198t9.out:
199	ssh-keygen -q -t ecdsa -N '' -f $@
200
201t9: t9.out
202	ssh-keygen -lf t9.out > /dev/null
203	ssh-keygen -Bf t9.out > /dev/null
204
205t10.out:
206	ssh-keygen -q -t ed25519 -N '' -f $@
207
208t10: t10.out
209	ssh-keygen -lf t10.out > /dev/null
210	ssh-keygen -Bf t10.out > /dev/null
211
212t11:
213	ssh-keygen -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\
214		awk '{print $$2}' | diff - ${.CURDIR}/t11.ok
215
216t12.out:
217	ssh-keygen -q -t ed25519 -N '' -C 'test-comment-1234' -f $@
218
219t12: t12.out
220	ssh-keygen -lf t12.out.pub | grep -q test-comment-1234
221
222modpipe: modpipe.c
223
224timestamp: timestamp.c
225
226t-integrity: modpipe
227
228.for t in ${LTESTS} ${INTEROP_TESTS} ${EXTRA_TESTS}
229t-${t}: timestamp
230	env SUDO="${SUDO}" ${TEST_ENV} \
231	    sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
232.endfor
233
234.undef LTESTS_STARTED
235.for t in ${LTESTS}
236.if defined(LTESTS_FROM) && ${LTESTS_FROM} == t-${t}
237LTESTS_STARTED=yes
238.endif
239.if !defined(LTESTS_FROM) || defined(LTESTS_STARTED)
240REGRESS_TARGETS+=t-${t}
241.endif
242.endfor
243
244# Not run by default
245.if make(interop)
246
247.for t in ${INTEROP_TESTS}
248INTEROP_TARGETS+=t-${t}
249.endfor
250
251REGRESS_TARGETS=${INTEROP_TARGETS}
252SUBDIR=
253
254interop: regress
255
256.endif
257
258# Not run by default
259.if make(extra)
260
261.for t in ${EXTRA_TESTS}
262EXTRA_TARGETS+=t-${t}
263.endfor
264
265REGRESS_TARGETS=${EXTRA_TARGETS}
266SUBDIR=
267
268extra: regress
269
270.endif
271
272.for s in ${SUBDIR}
273CLEAN_SUBDIR+=c-${s}
274c-${s}:
275	${MAKE} -C ${.CURDIR}/${s} clean
276.endfor
277
278clean: ${CLEAN_SUBDIR}
279	rm -f ${CLEANFILES}
280	rm -rf .putty
281	rm -rf .dropbear
282
283.include <bsd.regress.mk>
284