authorHans Nilsson <[email protected]>2015-12-07 10:20:29 +0100
committerHans Nilsson <[email protected]>2015-12-07 10:20:29 +0100
commit1d1677c2a85ebce0ada828d254c7a1122b825e0a (patch)
treeadd0d6e5a1e02e1ed2ec71f33f4b94c76c592985 /lib/ssh/test
parent572bea9807504670b1eec4aab6b8ac833cd42b26 (diff)
parent58aff4fafed973059167ea64b6109ce2fec03fe1 (diff)
Merge branch 'hans/ssh/pref_public_key_algs/OTP-13158' into maint
* hans/ssh/pref_public_key_algs/OTP-13158: ssh: tests skips if not supported crypto ssh: ssh_auth checks support for user pubkey alg ssh: client pub key opt implemented ssh: client pub key testcase ssh: client pub key documentation
Diffstat (limited to 'lib/ssh/test')
-rw-r--r--lib/ssh/test/ssh_basic_SUITE.erl98
-rw-r--r--lib/ssh/test/ssh_renegotiate_SUITE.erl24
2 files changed, 116 insertions, 6 deletions
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl
index d4cb03f2f2..85a6bac972 100644
--- a/lib/ssh/test/ssh_basic_SUITE.erl
+++ b/lib/ssh/test/ssh_basic_SUITE.erl
@@ -41,6 +41,10 @@
double_close/1,
exec/1,
exec_compressed/1,
+ exec_key_differs1/1,
+ exec_key_differs2/1,
+ exec_key_differs3/1,
+ exec_key_differs_fail/1,
idle_time/1,
inet6_option/1,
inet_option/1,
@@ -86,6 +90,7 @@ all() ->
{group, ecdsa_sha2_nistp521_key},
{group, dsa_pass_key},
{group, rsa_pass_key},
+ {group, host_user_key_differs},
{group, key_cb},
{group, internal_error},
daemon_already_started,
@@ -102,6 +107,10 @@ groups() ->
{ecdsa_sha2_nistp256_key, [], basic_tests()},
{ecdsa_sha2_nistp384_key, [], basic_tests()},
{ecdsa_sha2_nistp521_key, [], basic_tests()},
+ {host_user_key_differs, [], [exec_key_differs1,
+ exec_key_differs2,
+ exec_key_differs3,
+ exec_key_differs_fail]},
{dsa_pass_key, [], [pass_phrase]},
{rsa_pass_key, [], [pass_phrase]},
{key_cb, [], [key_callback, key_callback_options]},
@@ -184,6 +193,21 @@ init_per_group(dsa_pass_key, Config) ->
PrivDir = ?config(priv_dir, Config),
ssh_test_lib:setup_dsa_pass_pharse(DataDir, PrivDir, "Password"),
[{pass_phrase, {dsa_pass_phrase, "Password"}}| Config];
+init_per_group(host_user_key_differs, Config) ->
+ Data = ?config(data_dir, Config),
+ Sys = filename:join(?config(priv_dir, Config), system_rsa),
+ SysUsr = filename:join(Sys, user),
+ Usr = filename:join(?config(priv_dir, Config), user_ecdsa_256),
+ file:make_dir(Sys),
+ file:make_dir(SysUsr),
+ file:make_dir(Usr),
+ file:copy(filename:join(Data, "ssh_host_rsa_key"), filename:join(Sys, "ssh_host_rsa_key")),
+ file:copy(filename:join(Data, "ssh_host_rsa_key.pub"), filename:join(Sys, "ssh_host_rsa_key.pub")),
+ file:copy(filename:join(Data, "id_ecdsa256"), filename:join(Usr, "id_ecdsa")),
+ file:copy(filename:join(Data, "id_ecdsa256.pub"), filename:join(Usr, "id_ecdsa.pub")),
+ ssh_test_lib:setup_ecdsa_auth_keys("256", Usr, SysUsr),
+ ssh_test_lib:setup_rsa_known_host(Sys, Usr),
+ Config;
init_per_group(key_cb, Config) ->
DataDir = ?config(data_dir, Config),
PrivDir = ?config(priv_dir, Config),
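Review bot: The `file:make_dir/1` and `file:copy/2` calls in the new `init_per_group(host_user_key_differs, Config)` clause discard their results, so a key file missing from data_dir leaves the group running against an incomplete key setup. That matters most for `exec_key_differs_fail`, which treats any `'EXIT'` as a pass and could then succeed for the wrong reason. Match the results instead, e.g. `{ok, _} = file:copy(filename:join(Data, "id_ecdsa256"), filename:join(Usr, "id_ecdsa"))`, and for the directories accept only `ok` or `{error, eexist}`. What `ssh_test_lib:setup_ecdsa_auth_keys/3` and `ssh_test_lib:setup_rsa_known_host/2` return is not visible here, so confirm whether they need the same treatment.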
@@ -491,6 +515,80 @@ shell(Config) when is_list(Config) ->
end.
%%--------------------------------------------------------------------
+%%% Test that we could user different types of host pubkey and user pubkey
+exec_key_differs1(Config) -> exec_key_differs(Config, ['ecdsa-sha2-nistp256']).
+
+exec_key_differs2(Config) -> exec_key_differs(Config, ['ssh-dss','ecdsa-sha2-nistp256']).
+
+exec_key_differs3(Config) -> exec_key_differs(Config, ['ecdsa-sha2-nistp384','ecdsa-sha2-nistp256']).
+
+
+
+exec_key_differs(Config, UserPKAlgs) ->
+ case lists:usort(['ssh-rsa'|UserPKAlgs])
+ -- ssh_transport:supported_algorithms(public_key)
+ of
+ [] ->
+ process_flag(trap_exit, true),
+ SystemDir = filename:join(?config(priv_dir, Config), system_rsa),
+ SystemUserDir = filename:join(SystemDir, user),
+ UserDir = filename:join(?config(priv_dir, Config), user_ecdsa_256),
+
+ {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+ {user_dir, SystemUserDir},
+ {preferred_algorithms,
+ [{public_key,['ssh-rsa']}]}]),
+ ct:sleep(500),
+
+ IO = ssh_test_lib:start_io_server(),
+ Shell = ssh_test_lib:start_shell(Port, IO, UserDir,
+ [{preferred_algorithms,[{public_key,['ssh-rsa']}]},
+ {pref_public_key_algs,UserPKAlgs}
+ ]),
+
+
+ receive
+ {'EXIT', _, _} ->
+ ct:fail(no_ssh_connection);
+ ErlShellStart ->
+ ct:log("Erlang shell start: ~p~n", [ErlShellStart]),
+ do_shell(IO, Shell)
+ after
+ 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE])
+ end;
+
+ UnsupportedPubKeys ->
+ {skip, io_lib:format("~p unsupported",[UnsupportedPubKeys])}
+ end.
+
+%%--------------------------------------------------------------------
+exec_key_differs_fail(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
+ SystemDir = filename:join(?config(priv_dir, Config), system_rsa),
+ SystemUserDir = filename:join(SystemDir, user),
+ UserDir = filename:join(?config(priv_dir, Config), user_ecdsa_256),
+
+ {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+ {user_dir, SystemUserDir},
+ {preferred_algorithms,
+ [{public_key,['ssh-rsa']}]}]),
+ ct:sleep(500),
+
+ IO = ssh_test_lib:start_io_server(),
+ ssh_test_lib:start_shell(Port, IO, UserDir,
+ [{preferred_algorithms,[{public_key,['ssh-rsa']}]},
+ {pref_public_key_algs,['ssh-dss']}]),
+ receive
+ {'EXIT', _, _} ->
+ ok;
+ ErlShellStart ->
+ ct:log("Erlang shell start: ~p~n", [ErlShellStart]),
+ ct:fail(connection_not_rejected)
+ after
+ 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE])
+ end.
+
+%%--------------------------------------------------------------------
cli(Config) when is_list(Config) ->
process_flag(trap_exit, true),
SystemDir = filename:join(?config(priv_dir, Config), system),
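Review bot: `exec_key_differs_fail` passes on any `{'EXIT', _, _}`, so it cannot tell the intended rejection (client restricted to `'ssh-dss'` while only an ECDSA user key is set up) from an unrelated failure such as a daemon that never started or a host-key problem. Unlike `exec_key_differs/2` it has no `ssh_transport:supported_algorithms(public_key)` guard, so on a build lacking `'ssh-rsa'` or `'ssh-dss'` it would presumably still report success rather than skip. At minimum bind and log the reason, `{'EXIT', _, Reason} -> ct:log("connection rejected: ~p", [Reason]), ok;`, and preferably match the reason term an authentication failure produces, which is not visible in this hunk. Both new tests also bind the daemon as `_Pid` and never stop it, so the listener outlives the test case.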
diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl
index 227dfcddcd..e5cfa58bad 100644
--- a/lib/ssh/test/ssh_renegotiate_SUITE.erl
+++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl
@@ -57,9 +57,15 @@ end_per_suite(_Config) ->
%%--------------------------------------------------------------------
init_per_group(aes_gcm, Config) ->
- [{preferred_algorithms, [{cipher,[{client2server,['[email protected]']},
- {server2client,['[email protected]']}]}]}
- | Config];
+ case lists:member({client2server,['[email protected]']},
+ ssh_transport:supported_algorithms(cipher)) of
+ true ->
+ [{preferred_algorithms, [{cipher,[{client2server,['[email protected]']},
+ {server2client,['[email protected]']}]}]}
+ | Config];
+ false ->
+ {skip, "aes_gcm not supported"}
+ end;
init_per_group(_, Config) ->
[{preferred_algorithms, ssh:default_algorithms()} | Config].
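Review bot: The `lists:member/2` test in `init_per_group(aes_gcm, Config)` looks for a tuple `{client2server, [Alg]}` whose list holds exactly one cipher. If `ssh_transport:supported_algorithms(cipher)` returns the full per-direction lists (its shape is not visible here), the test is true only when that cipher is the sole supported one. On a normal build the group would then always be skipped, and the AES-GCM renegotiation tests would silently stop running. Checking the algorithm inside the direction's list avoids this: `lists:member(Alg, proplists:get_value(client2server, ssh_transport:supported_algorithms(cipher), []))`. A comment stating why the group is skipped would also help whoever reads the skip in the test log.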
@@ -107,7 +113,9 @@ rekey_limit(Config) ->
UserDir = ?config(priv_dir, Config),
DataFile = filename:join(UserDir, "rekey.data"),
- {Pid, Host, Port} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]),
+ Algs = ?config(preferred_algorithms, Config),
+ {Pid, Host, Port} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0},
+ {preferred_algorithms,Algs}]),
ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, [{rekey_limit, 6000},
{max_random_length_padding,0}]),
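Review bot: The same two-step change (`Algs = ?config(preferred_algorithms, Config)` followed by the extended `ssh_test_lib:std_daemon/2` option list) is repeated verbatim in `rekey_limit`, `renegotiate1` and `renegotiate2`, so a future option change has to be made in three places. A small local helper would keep them in step, e.g. `start_daemon(Config) -> ssh_test_lib:std_daemon(Config, [{max_random_length_padding,0}, {preferred_algorithms, ?config(preferred_algorithms, Config)}]).` Only the daemon side is pinned explicitly in these hunks; whether `ssh_test_lib:std_connect/4` picks `preferred_algorithms` up from `Config` is not visible here, so confirm that the client really negotiates the cipher the group is meant to exercise. The bodies of all three test functions continue outside their hunks.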
@@ -151,7 +159,9 @@ renegotiate1(Config) ->
UserDir = ?config(priv_dir, Config),
DataFile = filename:join(UserDir, "renegotiate1.data"),
- {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]),
+ Algs = ?config(preferred_algorithms, Config),
+ {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0},
+ {preferred_algorithms,Algs}]),
RPort = ssh_test_lib:inet_port(),
{ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort),
@@ -189,7 +199,9 @@ renegotiate2(Config) ->
UserDir = ?config(priv_dir, Config),
DataFile = filename:join(UserDir, "renegotiate2.data"),
- {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]),
+ Algs = ?config(preferred_algorithms, Config),
+ {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0},
+ {preferred_algorithms,Algs}]),
RPort = ssh_test_lib:inet_port(),
{ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort),