1 files changed, 176 insertions, 21 deletions
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl
index 8b5343cecc..af70eeb46c 100644
--- a/lib/ssh/test/ssh_to_openssh_SUITE.erl
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -54,7 +54,9 @@ groups() ->
 			 ]},
      {erlang_server, [], [erlang_server_openssh_client_exec,
 			  erlang_server_openssh_client_exec_compressed,
-			  erlang_server_openssh_client_pulic_key_dsa]}
+			  erlang_server_openssh_client_pulic_key_dsa,
+			  erlang_server_openssh_client_cipher_suites,
+			  erlang_server_openssh_client_macs]}
     ].
 
 init_per_suite(Config) ->
@@ -89,6 +91,12 @@ end_per_group(erlang_server, Config) ->
 end_per_group(_, Config) ->
     Config.
 
+init_per_testcase(erlang_server_openssh_client_cipher_suites, Config) ->
+    check_ssh_client_support(Config);
+
+init_per_testcase(erlang_server_openssh_client_macs, Config) ->
+    check_ssh_client_support(Config);
+
 init_per_testcase(_TestCase, Config) ->
     ssh:start(),
     Config.
@@ -111,22 +119,9 @@ erlang_shell_client_openssh_server(Config) when is_list(Config) ->
     IO ! {input, self(), "echo Hej\n"},
     receive_hej(),
     IO ! {input, self(), "exit\n"},
-    receive
-	<<"logout">> ->
-	    receive
-		<<"Connection closed">> ->
-		    ok
-	    end;
-	Other0 ->
-	    ct:fail({unexpected_msg, Other0})
-    end,
-    receive
-	{'EXIT', Shell, normal} ->
-	    ok;
-	Other1 ->
-	    ct:fail({unexpected_msg, Other1})
-    end.
-
+    receive_logout(),
+    receive_normal_exit(Shell).
+   
 %--------------------------------------------------------------------
 erlang_client_openssh_server_exec() ->
     [{doc, "Test api function ssh_connection:exec"}].
@@ -221,6 +216,108 @@ erlang_server_openssh_client_exec(Config) when is_list(Config) ->
      ssh:stop_daemon(Pid).
 
 %%--------------------------------------------------------------------
+erlang_server_openssh_client_cipher_suites() ->
+    [{doc, "Test that we can connect with different cipher suites."}].
+
+erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) ->
+    SystemDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+					     {failfun, fun ssh_test_lib:failfun/2}]),
+
+
+    ct:sleep(500),
+
+    Supports = crypto:supports(),
+    Ciphers = proplists:get_value(ciphers, Supports),
+    Tests = [
+        {"3des-cbc", lists:member(des3_cbc, Ciphers)},
+        {"aes128-cbc", lists:member(aes_cbc128, Ciphers)},
+        {"aes128-ctr", lists:member(aes_ctr, Ciphers)},
+        {"aes256-cbc", false}
+    ],
+    lists:foreach(fun({Cipher, Expect}) ->
+        Cmd = "ssh -p " ++ integer_to_list(Port) ++
+        " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++
+        " -c " ++ Cipher ++ " 1+1.",
+
+        ct:pal("Cmd: ~p~n", [Cmd]),
+
+        SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]),
+
+        case Expect of
+            true ->
+                receive
+                    {SshPort,{data, <<"2\n">>}} ->
+                       ok
+                after ?TIMEOUT ->
+                    ct:fail("Did not receive answer")
+                end;
+            false ->
+                receive
+                    {SshPort,{data, <<"no matching cipher found", _/binary>>}} ->
+                        ok
+                after ?TIMEOUT ->
+                    ct:fail("Did not receive no matching cipher message")
+                end
+        end
+    end, Tests),
+
+     ssh:stop_daemon(Pid).
+
+%%--------------------------------------------------------------------
+erlang_server_openssh_client_macs() ->
+    [{doc, "Test that we can connect with different MACs."}].
+
+erlang_server_openssh_client_macs(Config) when is_list(Config) ->
+    SystemDir = ?config(data_dir, Config),
+    PrivDir = ?config(priv_dir, Config),
+    KnownHosts = filename:join(PrivDir, "known_hosts"),
+
+    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},
+                         {failfun, fun ssh_test_lib:failfun/2}]),
+
+
+    ct:sleep(500),
+
+    Supports = crypto:supports(),
+    Hashs = proplists:get_value(hashs, Supports),
+    MACs = [{"hmac-sha1", lists:member(sha, Hashs)},
+        {"hmac-sha2-256", lists:member(sha256, Hashs)},
+        {"hmac-md5-96", false},
+        {"hmac-ripemd160", false}],
+    lists:foreach(fun({MAC, Expect}) ->
+        Cmd = "ssh -p " ++ integer_to_list(Port) ++
+        " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++
+        " -o MACs=" ++ MAC ++ " 1+1.",
+
+        ct:pal("Cmd: ~p~n", [Cmd]),
+
+        SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]),
+
+        case Expect of
+            true ->
+                receive
+                    {SshPort,{data, <<"2\n">>}} ->
+                       ok
+                after ?TIMEOUT ->
+                    ct:fail("Did not receive answer")
+                end;
+            false ->
+                receive
+                    {SshPort,{data, <<"no matching mac found", _/binary>>}} ->
+                        ok
+                after ?TIMEOUT ->
+                    ct:fail("Did not receive no matching mac message")
+                end
+        end
+    end, MACs),
+
+     ssh:stop_daemon(Pid).
+
+%%--------------------------------------------------------------------
 erlang_server_openssh_client_exec_compressed() ->
     [{doc, "Test that exec command works."}].
 
@@ -427,9 +524,67 @@ erlang_client_openssh_server_nonexistent_subsystem(Config) when is_list(Config)
 %%--------------------------------------------------------------------
 receive_hej() ->
     receive
-	<<"Hej\n">> = Hej->
+	<<"Hej", _binary>> = Hej ->
+	    ct:pal("Expected result: ~p~n", [Hej]);
+	<<"Hej\n", _binary>> = Hej ->
+	    ct:pal("Expected result: ~p~n", [Hej]);
+	<<"Hej\r\n", _/binary>> = Hej ->
 	    ct:pal("Expected result: ~p~n", [Hej]);
 	Info ->
-	    ct:pal("Extra info: ~p~n", [Info]),
-	    receive_hej()
+	    Lines = binary:split(Info, [<<"\r\n">>], [global]),
+	    case lists:member(<<"Hej">>, Lines) of
+		true ->
+		    ct:pal("Expected result found in lines: ~p~n", [Lines]),
+		    ok;
+		false ->
+		    ct:pal("Extra info: ~p~n", [Info]),
+		    receive_hej()
+	    end
+    end.
+
+receive_logout() ->
+    receive
+	<<"logout">> ->
+	    receive
+		<<"Connection closed">> ->
+		    ok
+	    end;
+	Info ->
+	    ct:pal("Extra info when logging out: ~p~n", [Info]),
+	    receive_logout()
+	end.
+
+receive_normal_exit(Shell) ->
+    receive
+	{'EXIT', Shell, normal} ->
+	    ok;
+	<<"\r\n">> ->
+	    receive_normal_exit(Shell);
+	Other ->
+	    ct:fail({unexpected_msg, Other})
+    end.
+
+%%--------------------------------------------------------------------
+%%--------------------------------------------------------------------
+%% Check if we have a "newer" ssh client that supports these test cases
+%%--------------------------------------------------------------------
+check_ssh_client_support(Config) ->
+    Port = open_port({spawn, "ssh -Q cipher"}, [exit_status, stderr_to_stdout]),
+    case check_ssh_client_support2(Port) of
+	0 -> % exit status from command (0 == ok)
+	    ssh:start(),
+	    Config;
+	_ ->
+	    {skip, "test case not supported by ssh client"}
+    end.
+
+check_ssh_client_support2(P) ->
+    receive
+	{P, {data, _A}} ->
+	    check_ssh_client_support2(P);
+	{P, {exit_status, E}} ->
+	    E
+    after 5000 ->
+	    ct:pal("Openssh command timed out ~n"),
+	    -1
     end.