SSH: add ssh_to_openssh test for ciphers and macs

This is only an openssh-client-erlang-server test, because no public API to select ciphers is available for the erlang client yet.
author: Alex Wilson <[email protected]> 2014-08-18 13:48:19 +1000
committer: Alex Wilson <[email protected]> 2014-08-18 13:48:19 +1000
commit: ccf1e0385fe0877279141acdcb0ac4f43e5596e4 (patch)
tree: b1f0920633e2884568615060480116d6a60fce86 /lib/ssh
parent: 9c6e4ca932f82aeacc10e76b6d1adb3a944c8d7a (diff)
download: otp-ccf1e0385fe0877279141acdcb0ac4f43e5596e4.tar.gz
otp-ccf1e0385fe0877279141acdcb0ac4f43e5596e4.tar.bz2
otp-ccf1e0385fe0877279141acdcb0ac4f43e5596e4.zip
1 files changed, 99 insertions, 1 deletions
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl
index 8b5343cecc..5a3bd21b55 100644
--- a/lib/ssh/test/ssh_to_openssh_SUITE.erl
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl
@@ -54,7 +54,9 @@ groups() ->
 			 ]},
      {erlang_server, [], [erlang_server_openssh_client_exec,
 			  erlang_server_openssh_client_exec_compressed,
-			  erlang_server_openssh_client_pulic_key_dsa]}
+			  erlang_server_openssh_client_pulic_key_dsa,
+			  erlang_server_openssh_client_cipher_suites,
+			  erlang_server_openssh_client_macs]}
     ].
 
 init_per_suite(Config) ->
@@ -221,6 +223,102 @@ erlang_server_openssh_client_exec(Config) when is_list(Config) ->
      ssh:stop_daemon(Pid).
 
 %%--------------------------------------------------------------------
+erlang_server_openssh_client_cipher_suites() ->
+    [{doc, "Test that we can connect with different cipher suites."}].
+
+erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) ->
+    SystemDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					     {failfun, fun ssh_test_lib:failfun/2}]),
+
+
+    ct:sleep(500),
+
+    Ciphers = [{"3des-cbc", true},
+        {"aes128-cbc", true},
+        {"aes128-ctr", true},
+        {"aes256-cbc", false}],
+    lists:foreach(fun({Cipher, Expect}) ->
+        Cmd = "ssh -p " ++ integer_to_list(Port) ++
+        " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++
+        " -c " ++ Cipher ++ " 1+1.",
+
+        ct:pal("Cmd: ~p~n", [Cmd]),
+
+        SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]),
+
+        case Expect of
+            true ->
+                receive
+                    {SshPort,{data, <<"2\n">>}} ->
+                       ok
+                after ?TIMEOUT ->
+                    ct:fail("Did not receive answer")
+                end;
+            false ->
+                receive
+                    {SshPort,{data, <<"no matching cipher found", _/binary>>}} ->
+                        ok
+                after ?TIMEOUT ->
+                    ct:fail("Did not receive no matching cipher message")
+                end
+        end
+    end, Ciphers),
+
+     ssh:stop_daemon(Pid).
+
+%%--------------------------------------------------------------------
+erlang_server_openssh_client_macs() ->
+    [{doc, "Test that we can connect with different MACs."}].
+
+erlang_server_openssh_client_macs(Config) when is_list(Config) ->
+    SystemDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+                         {failfun, fun ssh_test_lib:failfun/2}]),
+
+
+    ct:sleep(500),
+
+    MACs = [{"hmac-sha1", true},
+        {"hmac-sha2-256", true},
+        {"hmac-md5-96", false},
+        {"hmac-ripemd160", false}],
+    lists:foreach(fun({MAC, Expect}) ->
+        Cmd = "ssh -p " ++ integer_to_list(Port) ++
+        " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++
+        " -o MACs=" ++ MAC ++ " 1+1.",
+
+        ct:pal("Cmd: ~p~n", [Cmd]),
+
+        SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]),
+
+        case Expect of
+            true ->
+                receive
+                    {SshPort,{data, <<"2\n">>}} ->
+                       ok
+                after ?TIMEOUT ->
+                    ct:fail("Did not receive answer")
+                end;
+            false ->
+                receive
+                    {SshPort,{data, <<"no matching mac found", _/binary>>}} ->
+                        ok
+                after ?TIMEOUT ->
+                    ct:fail("Did not receive no matching mac message")
+                end
+        end
+    end, MACs),
+
+     ssh:stop_daemon(Pid).
+
+%%--------------------------------------------------------------------
 erlang_server_openssh_client_exec_compressed() ->
     [{doc, "Test that exec command works."}].
author	Alex Wilson <[email protected]>	2014-08-18 13:48:19 +1000
committer	Alex Wilson <[email protected]>	2014-08-18 13:48:19 +1000
commit	ccf1e0385fe0877279141acdcb0ac4f43e5596e4 (patch)
tree	b1f0920633e2884568615060480116d6a60fce86 /lib/ssh
parent	9c6e4ca932f82aeacc10e76b6d1adb3a944c8d7a (diff)
download	otp-ccf1e0385fe0877279141acdcb0ac4f43e5596e4.tar.gz otp-ccf1e0385fe0877279141acdcb0ac4f43e5596e4.tar.bz2 otp-ccf1e0385fe0877279141acdcb0ac4f43e5596e4.zip