From ba7b10c4fa2787e11bde6ddacc97ab90fe858484 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 5 Aug 2015 22:12:18 +0200 Subject: ssh: Elliptic Curve Diffie-Hellman (ECDH) Adds ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp512 and OTP-12938 hmac-sha2-512 --- lib/ssh/test/ssh_basic_SUITE.erl | 14 +++++++++++++- lib/ssh/test/ssh_protocol_SUITE.erl | 27 +++++++++++++++------------ lib/ssh/test/ssh_to_openssh_SUITE.erl | 21 ++++++++++++--------- lib/ssh/test/ssh_trpt_test_lib.erl | 20 +++++++++++++++++++- 4 files changed, 59 insertions(+), 23 deletions(-) (limited to 'lib/ssh/test') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 6dfff945ac..27b611780d 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -96,7 +96,10 @@ groups() -> {key_exchange, [], ['diffie-hellman-group-exchange-sha1', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group1-sha1', - 'diffie-hellman-group14-sha1' + 'diffie-hellman-group14-sha1', + 'ecdh-sha2-nistp256', + 'ecdh-sha2-nistp384', + 'ecdh-sha2-nistp521' ]}, {dir_options, [], [user_dir_option, system_dir_option]} @@ -845,6 +848,15 @@ ssh_msg_debug_fun_option_client(Config) -> 'diffie-hellman-group14-sha1'(Config) -> kextest('diffie-hellman-group14-sha1',Config). +'ecdh-sha2-nistp256'(Config) -> + kextest('ecdh-sha2-nistp256',Config). + +'ecdh-sha2-nistp384'(Config) -> + kextest('ecdh-sha2-nistp384',Config). + +'ecdh-sha2-nistp521'(Config) -> + kextest('ecdh-sha2-nistp521',Config). + kextest(Kex, Config) -> case lists:member(Kex, ssh_transport:supported_algorithms(kex)) of diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index dc02b940d7..132be3beb2 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -115,7 +115,8 @@ lib_works_as_client(Config) -> [{set_options, [print_ops, print_seqnums, print_messages]}, {connect, server_host(Config),server_port(Config), - [{silently_accept_hosts, true}, + [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}, + {silently_accept_hosts, true}, {user_dir, user_dir(Config)}, {user_interaction, false}]}, receive_hello, @@ -207,7 +208,9 @@ lib_works_as_server(Config) -> end), %% and finally connect to it with a regular Erlang SSH client: - {ok,_} = std_connect(HostPort, Config). + {ok,_} = std_connect(HostPort, Config, + [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}] + ). %%-------------------------------------------------------------------- %%% Matching @@ -449,24 +452,24 @@ server_user_password(N, Config) -> lists:nth(N, ?v(user_passwords,Config)). std_connect(Config) -> - {User,Pwd} = server_user_password(Config), - std_connect(server_host(Config), server_port(Config), - Config, - [{user,User},{password,Pwd}]). + std_connect({server_host(Config), server_port(Config)}, Config). std_connect({Host,Port}, Config) -> - {User,Pwd} = server_user_password(Config), - std_connect(Host, Port, Config, [{user,User},{password,Pwd}]). + std_connect({Host,Port}, Config, []). std_connect({Host,Port}, Config, Opts) -> std_connect(Host, Port, Config, Opts). std_connect(Host, Port, Config, Opts) -> + {User,Pwd} = server_user_password(Config), ssh:connect(Host, Port, - [{silently_accept_hosts, true}, - {user_dir, user_dir(Config)}, - {user_interaction, false} | Opts], + %% Prefere User's Opts to the default opts + [O || O = {Tag,_} <- [{user,User},{password,Pwd}, + {silently_accept_hosts, true}, + {user_dir, user_dir(Config)}, + {user_interaction, false}], + not lists:keymember(Tag, 1, Opts) + ] ++ Opts, 30000). - %%%---------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 06bf264033..663168b169 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -204,6 +204,7 @@ erlang_client_openssh_server_kexs(Config) when is_list(Config) -> Success = lists:foldl( fun(Kex, Acc) -> + ct:log("============= ~p ============= ~p",[Kex,Acc]), ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, {user_interaction, false}, @@ -228,13 +229,14 @@ erlang_client_openssh_server_kexs(Config) when is_list(Config) -> Acc; Other -> ct:log("~p failed: ~p",[Kex,Other]), - false + [Kex|Acc] end - end, true, ssh_transport:supported_algorithms(kex)), + end, [], ssh_transport:supported_algorithms(kex)), case Success of - true -> + [] -> ok; - false -> + BadKex -> + ct:log("Bad kex algos: ~p",[BadKex]), {fail, "Kex failed for one or more algos"} end. @@ -412,7 +414,7 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> Acc after ?TIMEOUT -> ct:log("Did not receive answer for ~p",[Kex]), - false + [Kex|Acc] end; false -> receive @@ -420,17 +422,18 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> Acc after ?TIMEOUT -> ct:log("Did not receive no matching kex message for ~p",[Kex]), - false + [Kex|Acc] end end - end, true, Kexs), + end, [], Kexs), ssh:stop_daemon(Pid), case Success of - true -> + [] -> ok; - false -> + BadKex -> + ct:log("Bad kex algos: ~p",[BadKex]), {fail, "Kex failed for one or more algos"} end. diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index 38b2789742..66df890f5c 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl @@ -533,7 +533,7 @@ receive_binary_msg(S0=#s{ssh=C0=#ssh{decrypt_block_size = BlockSize, <> = EncRest, case {ssh_transport:is_valid_mac(Mac, SshPacket, C2), - catch ssh_message:decode(Payload)} + catch ssh_message:decode(set_prefix_if_trouble(Payload,S1))} of {false, _} -> fail(bad_mac,S1); {_, {'EXIT',_}} -> fail(decode_failed,S1); @@ -557,6 +557,24 @@ receive_binary_msg(S0=#s{ssh=C0=#ssh{decrypt_block_size = BlockSize, end. +set_prefix_if_trouble(Msg = <>, #s{alg=#alg{kex=Kex}}) + when Op == 30; + Op == 31 + -> + case catch atom_to_list(Kex) of + "ecdh-sha2-" ++ _ -> + <<"ecdh",Msg/binary>>; + "diffie-hellman-group-exchange-" ++ _ -> + <<"dh_gex",Msg/binary>>; + "diffie-hellman-group" ++ _ -> + <<"dh",Msg/binary>>; + _ -> + Msg + end; +set_prefix_if_trouble(Msg, _) -> + Msg. + + receive_poll(S=#s{socket=Sock}) -> inet:setopts(Sock, [{active,once}]), receive -- cgit v1.2.3