ecdh: enable ecdh_sha2_nistp{384,521} kex methods

Summary: Based on Dirkjan's original patch series here: * https://www.libssh.org/archive/libssh/2015-08/0000029.html Here the changes are adapted for the current master branch, and expanded to include libgcrypt support. Co-Authored-By: Dirkjan Bussink <d.bussink@gmail.com> Signed-off-by: Jon Simons <jon@jonsimons.org> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Test Plan: * Ran pkd tests for libcrypto and libgcrypt builds. * Ran client torture_algorithms.c tests for libcrypto and libgcrypt builds. * Tested across multiple libgcrypts ("1.6.3" and "1.7.6-beta"). Reviewers: aris, asn Tags: #libssh Differential Revision: https://bugs.libssh.org/D7
2025-07-29 13:01:13 +03:00 · 2017-08-24 18:14:38 +02:00
parent 74d17a6531
commit 6252aab88a
11 changed files with 184 additions and 12 deletions
--- a/tests/client/torture_algorithms.c
+++ b/tests/client/torture_algorithms.c
@ -325,7 +325,7 @@ static void torture_algorithms_zlib_openssh(void **state) {
    ssh_disconnect(session);
 }

-#if defined(HAVE_LIBCRYPTO) && defined(HAVE_ECC)
+#if defined(HAVE_ECC)
 static void torture_algorithms_ecdh_sha2_nistp256(void **state) {
    struct torture_state *s = *state;
    ssh_session session = s->ssh.session;
@ -344,6 +344,44 @@ static void torture_algorithms_ecdh_sha2_nistp256(void **state) {

    ssh_disconnect(session);
 }
+
+static void torture_algorithms_ecdh_sha2_nistp384(void **state) {
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp384");
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_userauth_none(session, NULL);
+    if (rc != SSH_OK) {
+      rc = ssh_get_error_code(session);
+      assert_int_equal(rc, SSH_REQUEST_DENIED);
+    }
+
+    ssh_disconnect(session);
+}
+
+static void torture_algorithms_ecdh_sha2_nistp521(void **state) {
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    int rc;
+
+    rc = ssh_options_set(session, SSH_OPTIONS_KEY_EXCHANGE, "ecdh-sha2-nistp521");
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_connect(session);
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_userauth_none(session, NULL);
+    if (rc != SSH_OK) {
+      rc = ssh_get_error_code(session);
+      assert_int_equal(rc, SSH_REQUEST_DENIED);
+    }
+
+    ssh_disconnect(session);
+}
 #endif

 static void torture_algorithms_dh_group1(void **state) {
@ -448,10 +486,16 @@ int torture_run_tests(void) {
        cmocka_unit_test_setup_teardown(torture_algorithms_dh_group1,
                                        session_setup,
                                        session_teardown),
-#if defined(HAVE_LIBCRYPTO) && defined(HAVE_ECC)
+#if defined(HAVE_ECC)
        cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp256,
                                        session_setup,
                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp384,
+                                        session_setup,
+                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_algorithms_ecdh_sha2_nistp521,
+                                        session_setup,
+                                        session_teardown),
 #endif
    };