authorJakub Jelen <jjelen@redhat.com>2018-10-18 16:18:22 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-10-19 17:43:20 +0200
commitbdb3bb9ccd81dc3e4c7a6b90868fd4e6e4fc428c (patch)
tree41c74ef4591b635718520cc4fde630641231a71b
parent32e502a79d335de9309aecfa6bfba4580044f60a (diff)
tests: Verify the hostkey ordering for negotiation is correct
Previously, not all of the host key algorithms were used for algorithm negotiation. This verifies that the algorithms list is sane and that the key types from known hosts are ordered first. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--include/libssh/kex.h1
-rw-r--r--src/kex.c2
-rw-r--r--tests/unittests/torture_knownhosts_parsing.c30
3 files changed, 32 insertions, 1 deletions
diff --git a/include/libssh/kex.h b/include/libssh/kex.h
index 58a9c555..a626d105 100644
--- a/include/libssh/kex.h
+++ b/include/libssh/kex.h
@@ -45,5 +45,6 @@ char *ssh_find_matching(const char *in_d, const char *what_d);
const char *ssh_kex_get_supported_method(uint32_t algo);
const char *ssh_kex_get_default_methods(uint32_t algo);
const char *ssh_kex_get_description(uint32_t algo);
+char *ssh_client_select_hostkeys(ssh_session session);
#endif /* KEX_H_ */
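Review bot: The new prototype for ssh_client_select_hostkeys says nothing about ownership of the returned buffer, which the test added in this commit releases with free(); a one-line comment above the declaration, `/* Returns a newly allocated comma-separated hostkey list, or NULL; the caller must free() it. */`, would make that contract visible where callers look for it. Dropping `static` in src/kex.c (the next hunk) also turns an internal helper into an externally visible symbol; if the library limits its exported symbols, confirm this one is kept internal rather than becoming part of the public ABI, which cannot be checked from this diff. The existing comment in src/kex.c documents only the NULL case, so the ownership note belongs in both places.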
diff --git a/src/kex.c b/src/kex.c
index bb014baf..8bb19db0 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -606,7 +606,7 @@ void ssh_list_kex(struct ssh_kex_struct *kex) {
* @returns a cstring containing a comma-separated list of hostkey methods.
* NULL if no method matches
*/
-static char *ssh_client_select_hostkeys(ssh_session session)
+char *ssh_client_select_hostkeys(ssh_session session)
{
char methods_buffer[128]={0};
char tail_buffer[128]={0};
diff --git a/tests/unittests/torture_knownhosts_parsing.c b/tests/unittests/torture_knownhosts_parsing.c
index a4ed14d8..b17a3355 100644
--- a/tests/unittests/torture_knownhosts_parsing.c
+++ b/tests/unittests/torture_knownhosts_parsing.c
@@ -277,6 +277,33 @@ static void torture_knownhosts_host_exists(void **state)
ssh_free(session);
}
+static void
+torture_knownhosts_algorithms(void **state)
+{
+ const char *knownhosts_file = *state;
+ char *algo_list = NULL;
+ ssh_session session;
+ const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
+ "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
+#ifdef HAVE_DSA
+ ",ssh-dss"
+#endif
+ ;
+
+ session = ssh_new();
+ assert_non_null(session);
+
+ ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
+ ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, knownhosts_file);
+
+ algo_list = ssh_client_select_hostkeys(session);
+ assert_non_null(algo_list);
+ assert_string_equal(algo_list, expect);
+ free(algo_list);
+
+ ssh_free(session);
+}
+
int torture_run_tests(void) {
int rc;
struct CMUnitTest tests[] = {
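Review bot: Both `ssh_options_set()` calls in torture_knownhosts_algorithms discard their return value, so a failure to set SSH_OPTIONS_KNOWNHOSTS would surface later as a wrong list rather than at its cause. Capture and check each call, e.g. `rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, knownhosts_file);` followed by `assert_int_equal(rc, SSH_OK);`, with an `int rc;` declaration alongside the others. The `expect` string also encodes both the fixture's key types and the library's default ordering; a comment above it stating which leading entries come from the known_hosts fixture and which are the remaining defaults would keep the assertion readable when the defaults change. From the description I infer the fixture contributes the ed25519 and rsa entries, but the fixture contents are not visible in this diff.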
@@ -292,6 +319,9 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_knownhosts_host_exists,
setup_knownhosts_file,
teardown_knownhosts_file),
+ cmocka_unit_test_setup_teardown(torture_knownhosts_algorithms,
+ setup_knownhosts_file,
+ teardown_knownhosts_file),
};
ssh_init();