From a9bedfb5b9a469642c0e8bf315f41a2505444cd6 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Tue, 30 Jun 2015 15:40:16 +0200
Subject: ssh: testcases for no common algorithms in key exchange

---
 lib/ssh/src/ssh_transport.erl | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

(limited to 'lib/ssh/src')

diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index f4e6a23a1e..2e7391e1f8 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -246,26 +246,41 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own,
 				   Ssh0#ssh{algorithms = Algoritms});
 	_  ->
 	    %% TODO: Correct code?
-	    throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
+	    throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
 				      description = "Selection of key exchange"
 				      " algorithm failed", 
-				      language = "en"})
+				      language = ""})
     end;
 
 handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own,
 			    #ssh{role = server} = Ssh) ->
     {ok, Algoritms} = select_algorithm(server, CounterPart, Own),
-    {ok, Ssh#ssh{algorithms = Algoritms}}.
+    case  verify_algorithm(Algoritms) of
+	true ->
+	    {ok, Ssh#ssh{algorithms = Algoritms}};
+	_ ->
+	    throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
+				      description = "Selection of key exchange"
+				      " algorithm failed",
+				      language = ""})
+    end.
 
 
 %% TODO: diffie-hellman-group14-sha1 should also be supported.
 %% Maybe check more things ...
-verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) ->
-    true;
-verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) ->
-    true;
-verify_algorithm(_) ->
-    false.
+
+verify_algorithm(#alg{kex = undefined}) -> false;
+verify_algorithm(#alg{hkey = undefined}) -> false;
+verify_algorithm(#alg{send_mac = undefined}) -> false;
+verify_algorithm(#alg{recv_mac = undefined}) -> false;
+verify_algorithm(#alg{encrypt = undefined}) -> false;
+verify_algorithm(#alg{decrypt = undefined}) -> false;
+verify_algorithm(#alg{compress = undefined}) -> false;
+verify_algorithm(#alg{decompress = undefined}) -> false;
+
+verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> true;
+verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> true;
+verify_algorithm(_) -> false.
 
 key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) ->
     {G, P} = dh_group1(),
-- 
cgit v1.2.3