[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 1/2] tests/pkd: repro rsa-sha2-{256,512} negotiation bug


Add four passes to the pkd tests to exercise codepaths where an
OpenSSH client requests these HostKeyAlgorithms combinations:

 * rsa-sha2-256
 * rsa-sha2-512
 * rsa-sha2-256,rsa-sha2-512
 * rsa-sha2-512,rsa-sha2-256

The tests demonstrate that the third combination currently fails:
libssh ends up choosing `rsa-sha2-512` instead of `rsa-sha2-256`,
and the initial exchange fails on the client side citing a signature
failure.

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
 tests/pkd/pkd_client.h | 15 +++++++++------
 tests/pkd/pkd_hello.c  |  8 ++++++++
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/tests/pkd/pkd_client.h b/tests/pkd/pkd_client.h
index 4d01a607..783d4886 100644
--- a/tests/pkd/pkd_client.h
+++ b/tests/pkd/pkd_client.h
@@ -46,12 +46,12 @@
   OPENSSH_PKACCEPTED_ECDSA      \
   OPENSSH_PKACCEPTED_DSA
 
-#define OPENSSH_CMD_START \
+#define OPENSSH_CMD_START(hostkey_algos) \
     OPENSSH_BINARY " "                  \
     "-o UserKnownHostsFile=/dev/null "  \
     "-o StrictHostKeyChecking=no "      \
     "-F /dev/null "                     \
-    OPENSSH_HOSTKEY_ALGOS " "           \
+    hostkey_algos " "                   \
     OPENSSH_PKACCEPTED_TYPES " "        \
     "-i " CLIENT_ID_FILE " "            \
     "1> %s.out "                        \
@@ -61,16 +61,19 @@
 #define OPENSSH_CMD_END "-p 1234 localhost ls"
 
 #define OPENSSH_CMD \
-    OPENSSH_CMD_START OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) OPENSSH_CMD_END
 
 #define OPENSSH_KEX_CMD(kexalgo) \
-    OPENSSH_CMD_START "-o KexAlgorithms=" kexalgo " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o KexAlgorithms=" kexalgo " " OPENSSH_CMD_END
 
 #define OPENSSH_CIPHER_CMD(ciphers) \
-    OPENSSH_CMD_START "-c " ciphers " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-c " ciphers " " OPENSSH_CMD_END
 
 #define OPENSSH_MAC_CMD(macs) \
-    OPENSSH_CMD_START "-o MACs=" macs " " OPENSSH_CMD_END
+    OPENSSH_CMD_START(OPENSSH_HOSTKEY_ALGOS) "-o MACs=" macs " " OPENSSH_CMD_END
+
+#define OPENSSH_HOSTKEY_CMD(hostkeyalgo) \
+    OPENSSH_CMD_START("-o HostKeyAlgorithms=" hostkeyalgo " ") OPENSSH_CMD_END
 
 
 /* Dropbear */
diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c
index 4c16267b..a259be32 100644
--- a/tests/pkd/pkd_hello.c
+++ b/tests/pkd/pkd_hello.c
@@ -526,6 +526,12 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
     f(client, ecdsa_521_hmac_sha2_512,  maccmd("hmac-sha2-512"),  setup_ecdsa_521,  teardown)
 #endif
 
+#define PKDTESTS_HOSTKEY_OPENSSHONLY(f, client, hkcmd) \
+    f(client, rsa_sha2_256,      hkcmd("rsa-sha2-256"),               setup_rsa,  teardown) \
+    f(client, rsa_sha2_512,      hkcmd("rsa-sha2-512"),               setup_rsa,  teardown) \
+    f(client, rsa_sha2_256_512,  hkcmd("rsa-sha2-256,rsa-sha2-512"),  setup_rsa,  teardown) \
+    f(client, rsa_sha2_512_256,  hkcmd("rsa-sha2-512,rsa-sha2-256"),  setup_rsa,  teardown)
+
 static void torture_pkd_client_noop(void **state) {
     struct pkd_state *pstate = (struct pkd_state *) (*state);
     (void) pstate;
@@ -593,6 +599,7 @@ PKDTESTS_CIPHER(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD)
 PKDTESTS_CIPHER_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_CIPHER_CMD)
 PKDTESTS_MAC(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD)
 PKDTESTS_MAC_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_MAC_CMD)
+PKDTESTS_HOSTKEY_OPENSSHONLY(emit_keytest, openssh_rsa, OPENSSH_HOSTKEY_CMD)
 #undef CLIENT_ID_FILE
 
 #define CLIENT_ID_FILE OPENSSH_ECDSA256_TESTKEY
@@ -669,6 +676,7 @@ struct {
     PKDTESTS_CIPHER_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_CIPHER_CMD)
     PKDTESTS_MAC(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD)
     PKDTESTS_MAC_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_MAC_CMD)
+    PKDTESTS_HOSTKEY_OPENSSHONLY(emit_testmap, openssh_rsa, OPENSSH_HOSTKEY_CMD)
 
     PKDTESTS_DEFAULT(emit_testmap, openssh_e256, OPENSSH_CMD)
     PKDTESTS_DEFAULT_OPENSSHONLY(emit_testmap, openssh_e256, OPENSSH_CMD)
-- 
2.19.1.593.gc670b1f


References:
[PATCH 0/2] kex: fix RFC8332 RSA extension selection bugJon Simons <jon@xxxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org