diff options
| author | Hans Nilsson <[email protected]> | 2015-06-30 15:40:16 +0200 |
|---|---|---|
| committer | Hans Nilsson <[email protected]> | 2015-07-02 12:18:28 +0200 |
| commit | a9bedfb5b9a469642c0e8bf315f41a2505444cd6 (patch) | |
| tree | 52027f492745d79e1eb717e406e51766289c5ba7 /lib/ssh/src/ssh_transport.erl | |
| parent | 941ddfbeab3357177ce6eac709456fd881ac2429 (diff) | |
| download | otp-a9bedfb5b9a469642c0e8bf315f41a2505444cd6.tar.gz otp-a9bedfb5b9a469642c0e8bf315f41a2505444cd6.tar.bz2 otp-a9bedfb5b9a469642c0e8bf315f41a2505444cd6.zip | |
ssh: testcases for no common algorithms in key exchange
Diffstat (limited to 'lib/ssh/src/ssh_transport.erl')
| -rw-r--r-- | lib/ssh/src/ssh_transport.erl | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index f4e6a23a1e..2e7391e1f8 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -246,26 +246,41 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, Ssh0#ssh{algorithms = Algoritms}); _ -> %% TODO: Correct code? - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, description = "Selection of key exchange" " algorithm failed", - language = "en"}) + language = ""}) end; handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, #ssh{role = server} = Ssh) -> {ok, Algoritms} = select_algorithm(server, CounterPart, Own), - {ok, Ssh#ssh{algorithms = Algoritms}}. + case verify_algorithm(Algoritms) of + true -> + {ok, Ssh#ssh{algorithms = Algoritms}}; + _ -> + throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Selection of key exchange" + " algorithm failed", + language = ""}) + end. %% TODO: diffie-hellman-group14-sha1 should also be supported. %% Maybe check more things ... -verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> - true; -verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> - true; -verify_algorithm(_) -> - false. + +verify_algorithm(#alg{kex = undefined}) -> false; +verify_algorithm(#alg{hkey = undefined}) -> false; +verify_algorithm(#alg{send_mac = undefined}) -> false; +verify_algorithm(#alg{recv_mac = undefined}) -> false; +verify_algorithm(#alg{encrypt = undefined}) -> false; +verify_algorithm(#alg{decrypt = undefined}) -> false; +verify_algorithm(#alg{compress = undefined}) -> false; +verify_algorithm(#alg{decompress = undefined}) -> false; + +verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> true; +verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> true; +verify_algorithm(_) -> false. key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) -> {G, P} = dh_group1(), |