Test for ecdh and dh-group1

2025-07-31 00:03:07 +03:00 · 2011-06-12 20:54:33 +02:00
parent b54e8cdae5
commit 113de13543
3 changed files with 59 additions and 1 deletions
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@ -303,7 +303,8 @@ enum ssh_options_e {
  SSH_OPTIONS_BINDADDR,
  SSH_OPTIONS_STRICTHOSTKEYCHECK,
  SSH_OPTIONS_COMPRESSION,
-  SSH_OPTIONS_COMPRESSION_LEVEL
+  SSH_OPTIONS_COMPRESSION_LEVEL,
+  SSH_OPTIONS_KEY_EXCHANGE
 };

 enum {
--- a/src/options.c
+++ b/src/options.c
@ -312,6 +312,11 @@ int ssh_options_set_algo(ssh_session session, int algo,
 *                Set the symmetric cipher server to client (const char *,
 *                comma-separated list).
 *
+ *              - SSH_OPTIONS_KEY_EXCHANGE:
+ *                Set the key exchange method to be used (const char *,
+ *                comma-separated list). ex:
+ *                "ecdh-sha2-nistp256,diffie-hellman-group1-sha1"
+ *
 *              - SSH_OPTIONS_COMPRESSION_C_S:
 *                Set the compression to use for client to server
 *                communication (const char *, "yes", "no" or a specific
@ -583,6 +588,15 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
          return -1;
      }
      break;
+    case SSH_OPTIONS_KEY_EXCHANGE:
+      if(value == NULL) {
+        ssh_set_error_invalid(session, __FUNCTION__);
+        return -1;
+      } else {
+        if (ssh_options_set_algo(session, SSH_KEX, value) < 0)
+          return -1;
+      }
+      break;
    case SSH_OPTIONS_COMPRESSION_C_S:
      if (value == NULL) {
        ssh_set_error_invalid(session, __FUNCTION__);
--- a/tests/client/torture_algorithms.c
+++ b/tests/client/torture_algorithms.c
@ -148,6 +148,47 @@ static void torture_algorithms_zlib_openssh(void **state) {
    ssh_disconnect(session);
 }

+static void torture_algorithms_ecdh_sha2_nistp256(void **state) {
+    ssh_session session = *state;
+    int rc;
+
+    rc = ssh_options_set(session,SSH_OPTIONS_HOST,"localhost");
+    assert_true(rc == SSH_OK);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp256");
+    assert_true(rc == SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_true(rc == SSH_OK);
+    rc = ssh_userauth_none(session, NULL);
+    if (rc != SSH_OK) {
+      rc = ssh_get_error_code(session);
+      assert_true(rc == SSH_REQUEST_DENIED);
+    }
+
+    ssh_disconnect(session);
+}
+
+static void torture_algorithms_dh_group1(void **state) {
+    ssh_session session = *state;
+    int rc;
+
+    rc = ssh_options_set(session,SSH_OPTIONS_HOST,"localhost");
+    assert_true(rc == SSH_OK);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "diffie-hellman-group1-sha1");
+    assert_true(rc == SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_true(rc == SSH_OK);
+    rc = ssh_userauth_none(session, NULL);
+    if (rc != SSH_OK) {
+      rc = ssh_get_error_code(session);
+      assert_true(rc == SSH_REQUEST_DENIED);
+    }
+
+    ssh_disconnect(session);
+}
 int torture_run_tests(void) {
    int rc;
    const UnitTest tests[] = {
@ -161,6 +202,8 @@ int torture_run_tests(void) {
        unit_test_setup_teardown(torture_algorithms_blowfish_cbc, setup, teardown),
        unit_test_setup_teardown(torture_algorithms_zlib, setup, teardown),
        unit_test_setup_teardown(torture_algorithms_zlib_openssh, setup, teardown),
+        unit_test_setup_teardown(torture_algorithms_dh_group1,setup,teardown),
+        unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp256,setup,teardown)
    };

    ssh_init();