From 113de1354322f3fb310b23b412c548d8a9e417bc Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis
Date: Sun, 12 Jun 2011 20:54:33 +0200
Subject: Test for ecdh and dh-group1
---
 include/libssh/libssh.h | 3 ++-
 src/options.c | 14 +++++++++++++
 tests/client/torture_algorithms.c | 43 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 425be1a..3453177 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -303,7 +303,8 @@ enum ssh_options_e {
 SSH_OPTIONS_BINDADDR,
 SSH_OPTIONS_STRICTHOSTKEYCHECK,
 SSH_OPTIONS_COMPRESSION,
- SSH_OPTIONS_COMPRESSION_LEVEL
+ SSH_OPTIONS_COMPRESSION_LEVEL,
+ SSH_OPTIONS_KEY_EXCHANGE
 };

 enum {
diff --git a/src/options.c b/src/options.c
index 5a9c5bf..d111f72 100644
--- a/src/options.c
+++ b/src/options.c
@@ -312,6 +312,11 @@ int ssh_options_set_algo(ssh_session session, int algo,
 * Set the symmetric cipher server to client (const char *,
 * comma-separated list).
 *
+ * - SSH_OPTIONS_KEY_EXCHANGE:
+ * Set the key exchange method to be used (const char *,
+ * comma-separated list). ex:
+ * "ecdh-sha2-nistp256,diffie-hellman-group1-sha1"
+ *
 * - SSH_OPTIONS_COMPRESSION_C_S:
 * Set the compression to use for client to server
 * communication (const char *, "yes", "no" or a specific
@@ -583,6 +588,15 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
 return -1;
 }
 break;
+ case SSH_OPTIONS_KEY_EXCHANGE:
+ if(value == NULL) {
+ ssh_set_error_invalid(session, __FUNCTION__);
+ return -1;
+ } else {
+ if (ssh_options_set_algo(session, SSH_KEX, value) < 0)
+ return -1;
+ }
+ break;
 case SSH_OPTIONS_COMPRESSION_C_S:
 if (value == NULL) {
 ssh_set_error_invalid(session, __FUNCTION__);
diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c
index 8f51d40..6bec543 100644
--- a/tests/client/torture_algorithms.c
+++ b/tests/client/torture_algorithms.c
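Review bot: The new SSH_OPTIONS_KEY_EXCHANGE entry in the option list comment of src/options.c (hunk at -312) does not say that the comma-separated list is in order of preference, nor what the call returns when a name is not supported by the build. Its only example also includes `diffie-hellman-group1-sha1`, which uses a 1024-bit group with SHA-1 and is widely treated as legacy, so callers who copy the example keep it negotiable. I would add a sentence such as `The list is in order of preference; the call fails if a method is not supported (confirm against ssh_options_set_algo).` and reduce the example to `"ecdh-sha2-nistp256"`, mentioning group1 only as a fallback for legacy peers. The comment block starts and ends outside the hunk.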
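Review bot: In the new `case SSH_OPTIONS_KEY_EXCHANGE:` of ssh_options_set() in src/options.c (hunk at -583), the NULL check is written `if(value == NULL) {`, while the neighbouring `case SSH_OPTIONS_COMPRESSION_C_S:` visible in the same hunk uses `if (value == NULL) {`; the new line should match. The failure path of `ssh_options_set_algo(session, SSH_KEX, value)` returns -1 without setting an error in this case. ssh_options_set_algo() is not shown here, so it is worth confirming that it checks every name in the list against the supported key-exchange methods and records the session error itself. A short comment on the case, e.g. `/* value: comma-separated KEX names, validated by ssh_options_set_algo() */`, would make that dependency explicit. The switch and the function body continue outside the hunk.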
@@ -148,6 +148,47 @@ static void torture_algorithms_zlib_openssh(void **state) {
 ssh_disconnect(session);
 }

+static void torture_algorithms_ecdh_sha2_nistp256(void **state) {
+ ssh_session session = *state;
+ int rc;
+
+ rc = ssh_options_set(session,SSH_OPTIONS_HOST,"localhost");
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp256");
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_connect(session);
+ assert_true(rc == SSH_OK);
+ rc = ssh_userauth_none(session, NULL);
+ if (rc != SSH_OK) {
+ rc = ssh_get_error_code(session);
+ assert_true(rc == SSH_REQUEST_DENIED);
+ }
+
+ ssh_disconnect(session);
+}
+
+static void torture_algorithms_dh_group1(void **state) {
+ ssh_session session = *state;
+ int rc;
+
+ rc = ssh_options_set(session,SSH_OPTIONS_HOST,"localhost");
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group1-sha1");
+ assert_true(rc == SSH_OK);
+
+ rc = ssh_connect(session);
+ assert_true(rc == SSH_OK);
+ rc = ssh_userauth_none(session, NULL);
+ if (rc != SSH_OK) {
+ rc = ssh_get_error_code(session);
+ assert_true(rc == SSH_REQUEST_DENIED);
+ }
+
+ ssh_disconnect(session);
+}
 int torture_run_tests(void) {
 int rc;
 const UnitTest tests[] = {
@@ -161,6 +202,8 @@ int torture_run_tests(void) {
 unit_test_setup_teardown(torture_algorithms_blowfish_cbc, setup, teardown),
 unit_test_setup_teardown(torture_algorithms_zlib, setup, teardown),
 unit_test_setup_teardown(torture_algorithms_zlib_openssh, setup, teardown),
+ unit_test_setup_teardown(torture_algorithms_dh_group1,setup,teardown),
+ unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp256,setup,teardown)
 };

 ssh_init();
--
cgit v1.2.3
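Review bot: Neither torture_algorithms_ecdh_sha2_nistp256 nor torture_algorithms_dh_group1 checks which key exchange was actually negotiated. Both only assert that `ssh_connect(session)` returns SSH_OK, so they would still pass if SSH_OPTIONS_KEY_EXCHANGE were accepted but ignored. If the library exposes the negotiated method, assert it after connecting. Otherwise add a negative case such as `assert_true(ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "no-such-kex") != SSH_OK);` (the name is constructed, and this assumes unknown names are rejected). The two bodies differ only in the method string and could share one static helper taking the name. The dh_group1 test also relies on the localhost server still offering diffie-hellman-group1-sha1, so a hardened sshd configuration would make it fail for environmental reasons.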