aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssh
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssh')
-rw-r--r--lib/ssh/test/ssh_protocol_SUITE.erl18
-rw-r--r--lib/ssh/test/ssh_trpt_test_lib.erl129
2 files changed, 96 insertions, 51 deletions
diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl
index 246e3d4898..732892ae37 100644
--- a/lib/ssh/test/ssh_protocol_SUITE.erl
+++ b/lib/ssh/test/ssh_protocol_SUITE.erl
@@ -240,7 +240,7 @@ lib_no_match(_Config) ->
no_common_alg_server_disconnects(Config) ->
{ok,_} =
ssh_trpt_test_lib:exec(
- [{set_options, [print_ops, print_seqnums, print_messages]},
+ [{set_options, [print_ops, {print_messages,detail}]},
{connect,
server_host(Config),server_port(Config),
[{silently_accept_hosts, true},
@@ -251,7 +251,7 @@ no_common_alg_server_disconnects(Config) ->
receive_hello,
{send, hello},
{match, #ssh_msg_kexinit{_='_'}, receive_msg},
- {send, ssh_msg_kexinit},
+ {send, ssh_msg_kexinit}, % with server unsupported 'ssh-dss' !
{match,
{'or',[#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'},
tcp_closed]},
@@ -275,17 +275,16 @@ no_common_alg_client_disconnects(Config) ->
Parent !
{result,self(),
ssh_trpt_test_lib:exec(
- [{set_options, [print_ops, print_messages]},
+ [{set_options, [print_ops, {print_messages,detail}]},
{accept, [{system_dir, system_dir(Config)},
{user_dir, user_dir(Config)}]},
receive_hello,
{send, hello},
-
{match, #ssh_msg_kexinit{_='_'}, receive_msg},
- {send, #ssh_msg_kexinit{
+ {send, #ssh_msg_kexinit{ % with unsupported "SOME-UNSUPPORTED"
cookie = 247381486335508958743193106082599558706,
kex_algorithms = ["diffie-hellman-group1-sha1"],
- server_host_key_algorithms = ["some-unknown"],
+ server_host_key_algorithms = ["SOME-UNSUPPORTED"], % SIC!
encryption_algorithms_client_to_server = ["aes128-ctr"],
encryption_algorithms_server_to_client = ["aes128-ctr"],
mac_algorithms_client_to_server = ["hmac-sha2-256"],
@@ -306,7 +305,8 @@ no_common_alg_client_disconnects(Config) ->
}
end),
- %% and finally connect to it with a regular Erlang SSH client:
+ %% and finally connect to it with a regular Erlang SSH client
+ %% which of course does not support SOME-UNSUPPORTED as pub key algo:
Result = std_connect(HostPort, Config, [{preferred_algorithms,[{public_key,['ssh-dss']}]}]),
ct:log("Result of connect is ~p",[Result]),
@@ -317,7 +317,9 @@ no_common_alg_client_disconnects(Config) ->
ct:pal("ERROR!~nOp = ~p~nExecResult = ~p~nState =~n~s",
[Op,ExecResult,ssh_trpt_test_lib:format_msg(S)]),
{fail, ExecResult};
- X -> ct:fail(X)
+ X ->
+ ct:pal("¤¤¤¤¤"),
+ ct:fail(X)
end.
%%%--------------------------------------------------------------------
diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl
index 75f495b6d7..38b2789742 100644
--- a/lib/ssh/test/ssh_trpt_test_lib.erl
+++ b/lib/ssh/test/ssh_trpt_test_lib.erl
@@ -42,8 +42,8 @@
seen_hello = false,
enc = <<>>,
ssh = #ssh{}, % #ssh{}
- own_kexinit,
- peer_kexinit,
+ alg_neg = {undefined,undefined}, % {own_kexinit, peer_kexinit}
+ alg, % #alg{}
vars = dict:new(),
reply = [], % Some repy msgs are generated hidden in ssh_transport :[
prints = [],
@@ -140,7 +140,10 @@ op(receive_hello, S0) when S0#s.seen_hello =/= true ->
op(receive_msg, S) when S#s.seen_hello == true ->
try recv(S)
catch
- {tcp,Exc} -> S#s{return_value=Exc}
+ {tcp,Exc} ->
+ S1 = opt(print_messages, S,
+ fun(X) when X==true;X==detail -> {"Recv~n~p~n",[Exc]} end),
+ S1#s{return_value=Exc}
end;
@@ -206,6 +209,9 @@ op_val(E, S0) ->
end.
+fail(Reason, {Fmt,Args}, S) when is_list(Fmt), is_list(Args) ->
+ fail(Reason, save_prints({Fmt,Args}, S)).
+
fail(Reason, S) ->
throw({fail, Reason, S}).
@@ -312,38 +318,51 @@ send(S=#s{ssh=C}, hello) ->
send(S, list_to_binary(Hello));
send(S0, ssh_msg_kexinit) ->
- {Msg, Bytes, C0} = ssh_transport:key_exchange_init_msg(S0#s.ssh),
- S1 = opt(print_messages, S0,
- fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end),
- S = case ?role(S1) of
- server when is_record(S1#s.peer_kexinit, ssh_msg_kexinit) ->
- {ok, C} =
- ssh_transport:handle_kexinit_msg(S1#s.peer_kexinit, Msg, C0),
- S1#s{peer_kexinit = used,
- own_kexinit = used,
- ssh = C};
- _ ->
- S1#s{ssh = C0,
- own_kexinit = Msg}
- end,
- send_bytes(Bytes, S#s{return_value = Msg});
+ {Msg, _Bytes, _C0} = ssh_transport:key_exchange_init_msg(S0#s.ssh),
+ send(S0, Msg);
-send(S0, ssh_msg_kexdh_init) when ?role(S0) == client,
- is_record(S0#s.peer_kexinit, ssh_msg_kexinit),
- is_record(S0#s.own_kexinit, ssh_msg_kexinit) ->
+send(S0=#s{alg_neg={undefined,PeerMsg}}, Msg=#ssh_msg_kexinit{}) ->
+ S1 = opt(print_messages, S0,
+ fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end),
+ S2 = case PeerMsg of
+ #ssh_msg_kexinit{} ->
+ try ssh_transport:handle_kexinit_msg(PeerMsg, Msg, S1#s.ssh) of
+ {ok,Cx} when ?role(S1) == server ->
+ S1#s{alg = Cx#ssh.algorithms};
+ {ok,_NextKexMsgBin,Cx} when ?role(S1) == client ->
+ S1#s{alg = Cx#ssh.algorithms}
+ catch
+ Class:Exc ->
+ save_prints({"Algoritm negotiation failed at line ~p:~p~n~p:~s~nPeer: ~s~n Own: ~s~n",
+ [?MODULE,?LINE,Class,format_msg(Exc),format_msg(PeerMsg),format_msg(Msg)]},
+ S1)
+ end;
+ undefined ->
+ S1
+ end,
+ {Bytes, C} = ssh_transport:ssh_packet(Msg, S2#s.ssh),
+ send_bytes(Bytes, S2#s{return_value = Msg,
+ alg_neg = {Msg,PeerMsg},
+ ssh = C});
+
+send(S0, ssh_msg_kexdh_init) when ?role(S0) == client ->
+ {OwnMsg, PeerMsg} = S0#s.alg_neg,
{ok, NextKexMsgBin, C} =
- ssh_transport:handle_kexinit_msg(S0#s.peer_kexinit, S0#s.own_kexinit, S0#s.ssh),
-
+ try ssh_transport:handle_kexinit_msg(PeerMsg, OwnMsg, S0#s.ssh)
+ catch
+ Class:Exc ->
+ fail("Algoritm negotiation failed!",
+ {"Algoritm negotiation failed at line ~p:~p~n~p:~s~nPeer: ~s~n Own: ~s",
+ [?MODULE,?LINE,Class,format_msg(Exc),format_msg(PeerMsg),format_msg(OwnMsg)]},
+ S0)
+ end,
S = opt(print_messages, S0,
fun(X) when X==true;X==detail ->
#ssh{keyex_key = {{_Private, Public}, {_G, _P}}} = C,
Msg = #ssh_msg_kexdh_init{e = Public},
{"Send (reconstructed)~n~s~n",[format_msg(Msg)]}
end),
-
- send_bytes(NextKexMsgBin, S#s{ssh = C,
- peer_kexinit = used,
- own_kexinit = used});
+ send_bytes(NextKexMsgBin, S#s{ssh = C});
send(S0, ssh_msg_kexdh_reply) ->
Bytes = proplists:get_value(ssh_msg_kexdh_reply, S0#s.reply),
@@ -389,26 +408,42 @@ recv(S0 = #s{}) ->
true ->
%% Has seen hello, therefore no more crlf-messages are alowed.
S = receive_binary_msg(S1),
- case M=S#s.return_value of
- #ssh_msg_kexinit{} when ?role(S) == server,
- S#s.own_kexinit =/= undefined ->
- {ok, C} =
- ssh_transport:handle_kexinit_msg(M, S#s.own_kexinit, S#s.ssh),
- S#s{peer_kexinit = used,
- own_kexinit = used,
- ssh = C};
- #ssh_msg_kexinit{} ->
- S#s{peer_kexinit = M};
+ case PeerMsg = S#s.return_value of
+ #ssh_msg_kexinit{} ->
+ case S#s.alg_neg of
+ {undefined,undefined} ->
+ S#s{alg_neg = {undefined,PeerMsg}};
+
+ {undefined,_} ->
+ fail("2 kexint received!!", S);
+
+ {OwnMsg, _} ->
+ try ssh_transport:handle_kexinit_msg(PeerMsg, OwnMsg, S#s.ssh) of
+ {ok,C} when ?role(S) == server ->
+ S#s{alg_neg = {OwnMsg, PeerMsg},
+ alg = C#ssh.algorithms,
+ ssh = C};
+ {ok,_NextKexMsgBin,C} when ?role(S) == client ->
+ S#s{alg_neg = {OwnMsg, PeerMsg},
+ alg = C#ssh.algorithms}
+ catch
+ Class:Exc ->
+ save_prints({"Algoritm negotiation failed at line ~p:~p~n~p:~s~nPeer: ~s~n Own: ~s~n",
+ [?MODULE,?LINE,Class,format_msg(Exc),format_msg(PeerMsg),format_msg(OwnMsg)]},
+ S#s{alg_neg = {OwnMsg, PeerMsg}})
+ end
+ end;
+
#ssh_msg_kexdh_init{} -> % Always the server
- {ok, Reply, C} = ssh_transport:handle_kexdh_init(M, S#s.ssh),
+ {ok, Reply, C} = ssh_transport:handle_kexdh_init(PeerMsg, S#s.ssh),
S#s{ssh = C,
reply = [{ssh_msg_kexdh_reply,Reply} | S#s.reply]
};
#ssh_msg_kexdh_reply{} ->
- {ok, _NewKeys, C} = ssh_transport:handle_kexdh_reply(M, S#s.ssh),
+ {ok, _NewKeys, C} = ssh_transport:handle_kexdh_reply(PeerMsg, S#s.ssh),
S#s{ssh=C#ssh{send_sequence=S#s.ssh#ssh.send_sequence}}; % Back the number
#ssh_msg_newkeys{} ->
- {ok, C} = ssh_transport:handle_new_keys(M, S#s.ssh),
+ {ok, C} = ssh_transport:handle_new_keys(PeerMsg, S#s.ssh),
S#s{ssh=C};
_ ->
S
@@ -682,10 +717,18 @@ seqnum_trace(S) ->
print_traces(S) when S#s.prints == [] -> S;
print_traces(S) ->
+ Len = length(S#s.prints),
ct:log("~s",
- [lists:foldl(fun({Fmt,Args}, Acc) ->
- [io_lib:format(Fmt,Args) | Acc]
- end, "", S#s.prints)]
+ [lists:foldl(
+ fun({Fmt,Args}, Acc) ->
+ [case Len-length(Acc)-1 of
+ 0 ->
+ io_lib:format(Fmt,Args);
+ N ->
+ io_lib:format(lists:concat(['~p --------~n',Fmt]),
+ [Len-length(Acc)-1|Args])
+ end | Acc]
+ end, "", S#s.prints)]
).
opt(Flag, S, Fun) when is_function(Fun,1) ->