From fe2f27c131a3b0298eda8aa58cf9524705e1d19a Mon Sep 17 00:00:00 2001 From: djm Date: Thu, 2 Feb 2023 12:12:52 +0000 Subject: [PATCH] test compat_kex_proposal(); by dtucker@ --- regress/usr.bin/ssh/unittests/kex/Makefile | 4 +- .../usr.bin/ssh/unittests/kex/test_proposal.c | 79 +++++++++++++++++++ regress/usr.bin/ssh/unittests/kex/tests.c | 4 +- 3 files changed, 84 insertions(+), 3 deletions(-) create mode 100644 regress/usr.bin/ssh/unittests/kex/test_proposal.c diff --git a/regress/usr.bin/ssh/unittests/kex/Makefile b/regress/usr.bin/ssh/unittests/kex/Makefile index 4e6548115aa..981affe3cbe 100644 --- a/regress/usr.bin/ssh/unittests/kex/Makefile +++ b/regress/usr.bin/ssh/unittests/kex/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.13 2023/01/15 23:35:10 djm Exp $ +# $OpenBSD: Makefile,v 1.14 2023/02/02 12:12:52 djm Exp $ PROG=test_kex -SRCS=tests.c test_kex.c +SRCS=tests.c test_kex.c test_proposal.c # From usr.bin/ssh SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c diff --git a/regress/usr.bin/ssh/unittests/kex/test_proposal.c b/regress/usr.bin/ssh/unittests/kex/test_proposal.c new file mode 100644 index 00000000000..b89ff59b6d8 --- /dev/null +++ b/regress/usr.bin/ssh/unittests/kex/test_proposal.c @@ -0,0 +1,79 @@ +/* $OpenBSD: test_proposal.c,v 1.1 2023/02/02 12:12:52 djm Exp $ */ +/* + * Regress test KEX + * + * Placed in the public domain + */ + +#include +#include +#include +#include +#include +#include + +#include "test_helper.h" + +#include "compat.h" +#include "ssherr.h" +#include "sshbuf.h" +#include "kex.h" +#include "packet.h" +#include "xmalloc.h" + +void kex_proposal(void); + +#define CURVE25519 "curve25519-sha256@libssh.org" +#define DHGEX1 "diffie-hellman-group-exchange-sha1" +#define DHGEX256 "diffie-hellman-group-exchange-sha256" +#define KEXALGOS CURVE25519","DHGEX256","DHGEX1 +void +kex_proposal(void) +{ + size_t i; + struct ssh ssh; + char *result, *out, *in; + struct { + char *in; /* TODO: make this const */ + char *out; + int compat; + } tests[] = { + { KEXALGOS, KEXALGOS, 0}, + { KEXALGOS, DHGEX256","DHGEX1, SSH_BUG_CURVE25519PAD }, + { KEXALGOS, CURVE25519, SSH_OLD_DHGEX }, + { "a,"KEXALGOS, "a", SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX }, + /* TODO: enable once compat_kex_proposal doesn't fatal() */ + /* { KEXALGOS, "", SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX }, */ + }; + + TEST_START("compat_kex_proposal"); + for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) { + ssh.compat = tests[i].compat; + /* match entire string */ + result = compat_kex_proposal(&ssh, tests[i].in); + ASSERT_STRING_EQ(result, tests[i].out); + free(result); + /* match at end */ + in = kex_names_cat("a", tests[i].in); + out = kex_names_cat("a", tests[i].out); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + free(result); free(in); free(out); + /* match at start */ + in = kex_names_cat(tests[i].in, "a"); + out = kex_names_cat(tests[i].out, "a"); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + free(result); free(in); free(out); + /* match in middle */ + xasprintf(&in, "a,%s,b", tests[i].in); + if (*(tests[i].out) == '\0') + out = xstrdup("a,b"); + else + xasprintf(&out, "a,%s,b", tests[i].out); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + free(result); free(in); free(out); + } + TEST_DONE(); +} diff --git a/regress/usr.bin/ssh/unittests/kex/tests.c b/regress/usr.bin/ssh/unittests/kex/tests.c index 1e519fe4b1e..26592d54505 100644 --- a/regress/usr.bin/ssh/unittests/kex/tests.c +++ b/regress/usr.bin/ssh/unittests/kex/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.1 2015/01/15 23:41:29 markus Exp $ */ +/* $OpenBSD: tests.c,v 1.2 2023/02/02 12:12:52 djm Exp $ */ /* * Placed in the public domain */ @@ -6,9 +6,11 @@ #include "test_helper.h" void kex_tests(void); +void kex_proposal(void); void tests(void) { kex_tests(); + kex_proposal(); } -- 2.20.1