diff options
author | Jon Simons <jon@jonsimons.org> | 2017-08-24 18:14:38 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-08-24 18:19:25 +0200 |
commit | 7204d2f48556210e3e6894aebb20db24819a3e86 (patch) | |
tree | 344b3cb22c947b0083aa1eca491278b0e9b12038 /tests | |
parent | 4c602f225574d0da5833aa7ddf9bffe642046b7b (diff) | |
parent | 6252aab88ae0616e112d7e59a4013e35ac7c42d4 (diff) | |
download | libssh-7204d2f48556210e3e6894aebb20db24819a3e86.tar.gz libssh-7204d2f48556210e3e6894aebb20db24819a3e86.tar.xz libssh-7204d2f48556210e3e6894aebb20db24819a3e86.zip |
ecdh: enable ecdh_sha2_nistp{384,521} kex methods
Summary:
Based on Dirkjan's original patch series here:
* https://www.libssh.org/archive/libssh/2015-08/0000029.html
Here the changes are adapted for the current master
branch, and expanded to include libgcrypt support.
Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com>
Signed-off-by: Jon Simons <jon@jonsimons.org>
Test Plan:
* Ran pkd tests for libcrypto and libgcrypt builds.
* Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds.
* Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta").
Reviewers: aris, asn
Reviewed By: asn
Tags: #libssh
Differential Revision: https://bugs.libssh.org/D7
Diffstat (limited to 'tests')
-rw-r--r-- | tests/client/torture_algorithms.c | 48 | ||||
-rw-r--r-- | tests/pkd/pkd_hello.c | 10 |
2 files changed, 56 insertions, 2 deletions
diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c index 605772c5..81f3a328 100644 --- a/tests/client/torture_algorithms.c +++ b/tests/client/torture_algorithms.c @@ -325,7 +325,7 @@ static void torture_algorithms_zlib_openssh(void **state) { ssh_disconnect(session); } -#if defined(HAVE_LIBCRYPTO) && defined(HAVE_ECC) +#if defined(HAVE_ECC) static void torture_algorithms_ecdh_sha2_nistp256(void **state) { struct torture_state *s = *state; ssh_session session = s->ssh.session; @@ -344,6 +344,44 @@ static void torture_algorithms_ecdh_sha2_nistp256(void **state) { ssh_disconnect(session); } + +static void torture_algorithms_ecdh_sha2_nistp384(void **state) { + struct torture_state *s = *state; + ssh_session session = s->ssh.session; + int rc; + + rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp384"); + assert_int_equal(rc, SSH_OK); + + rc = ssh_connect(session); + assert_int_equal(rc, SSH_OK); + rc = ssh_userauth_none(session, NULL); + if (rc != SSH_OK) { + rc = ssh_get_error_code(session); + assert_int_equal(rc, SSH_REQUEST_DENIED); + } + + ssh_disconnect(session); +} + +static void torture_algorithms_ecdh_sha2_nistp521(void **state) { + struct torture_state *s = *state; + ssh_session session = s->ssh.session; + int rc; + + rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp521"); + assert_int_equal(rc, SSH_OK); + + rc = ssh_connect(session); + assert_int_equal(rc, SSH_OK); + rc = ssh_userauth_none(session, NULL); + if (rc != SSH_OK) { + rc = ssh_get_error_code(session); + assert_int_equal(rc, SSH_REQUEST_DENIED); + } + + ssh_disconnect(session); +} #endif static void torture_algorithms_dh_group1(void **state) { @@ -448,10 +486,16 @@ int torture_run_tests(void) { cmocka_unit_test_setup_teardown(torture_algorithms_dh_group1, session_setup, session_teardown), -#if defined(HAVE_LIBCRYPTO) && defined(HAVE_ECC) +#if defined(HAVE_ECC) cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp256, session_setup, session_teardown), + cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp384, + session_setup, + session_teardown), + cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp521, + session_setup, + session_teardown), #endif }; diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c index 096e5b6f..4b0ae0ac 100644 --- a/tests/pkd/pkd_hello.c +++ b/tests/pkd/pkd_hello.c @@ -190,22 +190,32 @@ static int torture_pkd_setup_ecdsa_521(void **state) { /* Kex algorithms. */ \ f(client, rsa_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_rsa, teardown) \ f(client, rsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_rsa, teardown) \ + f(client, rsa_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384 "), setup_rsa, teardown) \ + f(client, rsa_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521 "), setup_rsa, teardown) \ f(client, rsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_rsa, teardown) \ f(client, rsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_rsa, teardown) \ f(client, dsa_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_dsa, teardown) \ f(client, dsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_dsa, teardown) \ + f(client, dsa_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384 "), setup_dsa, teardown) \ + f(client, dsa_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521 "), setup_dsa, teardown) \ f(client, dsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_dsa, teardown) \ f(client, dsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_dsa, teardown) \ f(client, ecdsa_256_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_256, teardown) \ f(client, ecdsa_256_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384 "), setup_ecdsa_256, teardown) \ + f(client, ecdsa_256_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521 "), setup_ecdsa_256, teardown) \ f(client, ecdsa_256_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_256, teardown) \ f(client, ecdsa_256_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_256, teardown) \ f(client, ecdsa_384_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_384, teardown) \ f(client, ecdsa_384_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384 "), setup_ecdsa_384, teardown) \ + f(client, ecdsa_384_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521 "), setup_ecdsa_384, teardown) \ f(client, ecdsa_384_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_384, teardown) \ f(client, ecdsa_384_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_384, teardown) \ f(client, ecdsa_521_curve25519_sha256, kexcmd("curve25519-sha256@libssh.org"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256 "), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384 "), setup_ecdsa_521, teardown) \ + f(client, ecdsa_521_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521 "), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ecdsa_521, teardown) \ f(client, ecdsa_521_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ecdsa_521, teardown) |