authorHans Nilsson <[email protected]>2015-08-05 22:12:18 +0200
committerHans Nilsson <[email protected]>2015-08-29 08:40:52 +0200
commitba7b10c4fa2787e11bde6ddacc97ab90fe858484 (patch)
tree0e8f5997242dcc7a96d64c5af199ea7c5511e58a /lib/ssh/test
parentb78c3b351fc955aa14bdfc3577890031ffffa9f0 (diff)
ssh: Elliptic Curve Diffie-Hellman (ECDH)
Adds ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521 and OTP-12938 hmac-sha2-512
Diffstat (limited to 'lib/ssh/test')
-rw-r--r--lib/ssh/test/ssh_basic_SUITE.erl14
-rw-r--r--lib/ssh/test/ssh_protocol_SUITE.erl27
-rw-r--r--lib/ssh/test/ssh_to_openssh_SUITE.erl21
-rw-r--r--lib/ssh/test/ssh_trpt_test_lib.erl20
4 files changed, 59 insertions, 23 deletions
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index 6dfff945ac..27b611780d 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
@@ -96,7 +96,10 @@ groups() ->
{key_exchange, [], ['diffie-hellman-group-exchange-sha1',
'diffie-hellman-group-exchange-sha256',
'diffie-hellman-group1-sha1',
- 'diffie-hellman-group14-sha1'
+ 'diffie-hellman-group14-sha1',
+ 'ecdh-sha2-nistp256',
+ 'ecdh-sha2-nistp384',
+ 'ecdh-sha2-nistp521'
]},
{dir_options, [], [user_dir_option,
system_dir_option]}
@@ -845,6 +848,15 @@ ssh_msg_debug_fun_option_client(Config) ->
'diffie-hellman-group14-sha1'(Config) ->
kextest('diffie-hellman-group14-sha1',Config).
+'ecdh-sha2-nistp256'(Config) ->
+ kextest('ecdh-sha2-nistp256',Config).
+
+'ecdh-sha2-nistp384'(Config) ->
+ kextest('ecdh-sha2-nistp384',Config).
+
+'ecdh-sha2-nistp521'(Config) ->
+ kextest('ecdh-sha2-nistp521',Config).
+
kextest(Kex, Config) ->
case lists:member(Kex, ssh_transport:supported_algorithms(kex)) of
diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl
index dc02b940d7..132be3beb2 100644
--- a/lib/ssh/test/ssh_protocol_SUITE.erl
+++ b/lib/ssh/test/ssh_protocol_SUITE.erl
@@ -115,7 +115,8 @@ lib_works_as_client(Config) ->
[{set_options, [print_ops, print_seqnums, print_messages]},
{connect,
server_host(Config),server_port(Config),
- [{silently_accept_hosts, true},
+ [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]},
+ {silently_accept_hosts, true},
{user_dir, user_dir(Config)},
{user_interaction, false}]},
receive_hello,
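Review bot: The new `preferred_algorithms` entry pins the key exchange to `diffie-hellman-group1-sha1`, the weakest kex in the suite, with no comment saying why. The same pin is added to the `std_connect/3` call in `lib_works_as_server` further down. Presumably the scripted message sequence after `receive_hello` only handles the classic DH exchange, so negotiating the new ECDH algorithms would break the script, but that part is outside the hunk. A comment such as `%% Pin kex: the scripted exchange below only speaks plain DH group1` at both sites would stop the pin from being copied into non-test code or read as a recommended setting.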
@@ -207,7 +208,9 @@ lib_works_as_server(Config) ->
end),
%% and finally connect to it with a regular Erlang SSH client:
- {ok,_} = std_connect(HostPort, Config).
+ {ok,_} = std_connect(HostPort, Config,
+ [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}]
+ ).
%%--------------------------------------------------------------------
%%% Matching
@@ -449,24 +452,24 @@ server_user_password(N, Config) -> lists:nth(N, ?v(user_passwords,Config)).
std_connect(Config) ->
- {User,Pwd} = server_user_password(Config),
- std_connect(server_host(Config), server_port(Config),
- Config,
- [{user,User},{password,Pwd}]).
+ std_connect({server_host(Config), server_port(Config)}, Config).
std_connect({Host,Port}, Config) ->
- {User,Pwd} = server_user_password(Config),
- std_connect(Host, Port, Config, [{user,User},{password,Pwd}]).
+ std_connect({Host,Port}, Config, []).
std_connect({Host,Port}, Config, Opts) ->
std_connect(Host, Port, Config, Opts).
std_connect(Host, Port, Config, Opts) ->
+ {User,Pwd} = server_user_password(Config),
ssh:connect(Host, Port,
- [{silently_accept_hosts, true},
- {user_dir, user_dir(Config)},
- {user_interaction, false} | Opts],
+ %% Prefere User's Opts to the default opts
+ [O || O = {Tag,_} <- [{user,User},{password,Pwd},
+ {silently_accept_hosts, true},
+ {user_dir, user_dir(Config)},
+ {user_interaction, false}],
+ not lists:keymember(Tag, 1, Opts)
+ ] ++ Opts,
30000).
-
%%%----------------------------------------------------------------
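Review bot: The comment on the new comprehension in `std_connect/4` is misspelled and ambiguous, because `User` is also the account name bound two lines above it. Suggest `%% Options passed by the caller take precedence over these defaults`. The filter works per tag, so a caller that passes `{user,U}` without `{password,P}` still gets the default password from `server_user_password(Config)` paired with its own user name. If that mix is not intended, the docs should say that `user` and `password` must be overridden together.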
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl
index 06bf264033..663168b169 100644
--- a/lib/ssh/test/ssh_to_openssh_SUITE.erl
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl
@@ -204,6 +204,7 @@ erlang_client_openssh_server_kexs(Config) when is_list(Config) ->
Success =
lists:foldl(
fun(Kex, Acc) ->
+ ct:log("============= ~p ============= ~p",[Kex,Acc]),
ConnectionRef =
ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true},
{user_interaction, false},
@@ -228,13 +229,14 @@ erlang_client_openssh_server_kexs(Config) when is_list(Config) ->
Acc;
Other ->
ct:log("~p failed: ~p",[Kex,Other]),
- false
+ [Kex|Acc]
end
- end, true, ssh_transport:supported_algorithms(kex)),
+ end, [], ssh_transport:supported_algorithms(kex)),
case Success of
- true ->
+ [] ->
ok;
- false ->
+ BadKex ->
+ ct:log("Bad kex algos: ~p",[BadKex]),
{fail, "Kex failed for one or more algos"}
end.
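Review bot: The fold now accumulates the kex algorithms that failed, but its result is still bound to `Success`, so `case Success of [] -> ok` reads backwards. The binding sits at the start of the fold, outside this hunk, and the same pattern is repeated in `erlang_server_openssh_client_kexs`. Renaming it to something like `FailedKexs` in both functions would match the new meaning. Since the list of bad algorithms is now known, the fail reason could carry it too, e.g. `{fail, {kex_failed, BadKex}}`, instead of leaving it only in the `ct:log` line.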
@@ -412,7 +414,7 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) ->
Acc
after ?TIMEOUT ->
ct:log("Did not receive answer for ~p",[Kex]),
- false
+ [Kex|Acc]
end;
false ->
receive
@@ -420,17 +422,18 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) ->
Acc
after ?TIMEOUT ->
ct:log("Did not receive no matching kex message for ~p",[Kex]),
- false
+ [Kex|Acc]
end
end
- end, true, Kexs),
+ end, [], Kexs),
ssh:stop_daemon(Pid),
case Success of
- true ->
+ [] ->
ok;
- false ->
+ BadKex ->
+ ct:log("Bad kex algos: ~p",[BadKex]),
{fail, "Kex failed for one or more algos"}
end.
diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl
index 38b2789742..66df890f5c 100644
--- a/lib/ssh/test/ssh_trpt_test_lib.erl
+++ b/lib/ssh/test/ssh_trpt_test_lib.erl
@@ -533,7 +533,7 @@ receive_binary_msg(S0=#s{ssh=C0=#ssh{decrypt_block_size = BlockSize,
<<Mac:MacSize/binary, Rest/binary>> = EncRest,
case {ssh_transport:is_valid_mac(Mac, SshPacket, C2),
- catch ssh_message:decode(Payload)}
+ catch ssh_message:decode(set_prefix_if_trouble(Payload,S1))}
of
{false, _} -> fail(bad_mac,S1);
{_, {'EXIT',_}} -> fail(decode_failed,S1);
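Review bot: The payload is decoded before the MAC verdict is acted on, because both elements of the `{is_valid_mac(...), catch ssh_message:decode(...)}` tuple are evaluated before any clause is matched, and the payload now also passes through `set_prefix_if_trouble/2` first. The `{false, _}` clause still wins, so the reported result is unchanged, but unauthenticated bytes reach the decoder. Checking the MAC first and decoding only on `true` keeps the order a reader expects from transport code. The remaining clauses of this `case` are outside the hunk.

```erlang
case ssh_transport:is_valid_mac(Mac, SshPacket, C2) of
    false ->
        fail(bad_mac, S1);
    true ->
        case catch ssh_message:decode(set_prefix_if_trouble(Payload, S1)) of
            {'EXIT',_} -> fail(decode_failed, S1);
            %% … unchanged: remaining clauses for a successfully decoded message …
        end
end
```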
@@ -557,6 +557,24 @@ receive_binary_msg(S0=#s{ssh=C0=#ssh{decrypt_block_size = BlockSize,
end.
+set_prefix_if_trouble(Msg = <<?BYTE(Op),_/binary>>, #s{alg=#alg{kex=Kex}})
+ when Op == 30;
+ Op == 31
+ ->
+ case catch atom_to_list(Kex) of
+ "ecdh-sha2-" ++ _ ->
+ <<"ecdh",Msg/binary>>;
+ "diffie-hellman-group-exchange-" ++ _ ->
+ <<"dh_gex",Msg/binary>>;
+ "diffie-hellman-group" ++ _ ->
+ <<"dh",Msg/binary>>;
+ _ ->
+ Msg
+ end;
+set_prefix_if_trouble(Msg, _) ->
+ Msg.
+
+
receive_poll(S=#s{socket=Sock}) ->
inet:setopts(Sock, [{active,once}]),
receive
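Review bot: `set_prefix_if_trouble/2` has no comment explaining why only message numbers 30 and 31 get a prefix or what consumes it. Presumably those numbers are shared by the DH, DH group-exchange and ECDH messages, and `ssh_message:decode/1` uses the prefix to tell them apart, so a header along the lines of `%% Msg numbers 30/31 are reused by every kex family; tag the payload with the negotiated family so decode/1 can disambiguate` would help. The clause order also matters: `"diffie-hellman-group-exchange-" ++ _` must stay above `"diffie-hellman-group" ++ _`, which deserves a one-line comment. The `case catch atom_to_list(Kex)` would be clearer as an `is_atom(Kex)` guard on the function head, so that a non-atom `Kex` visibly falls through to the second clause instead of being swallowed by `catch`.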