author | Mats Lindestam <matslm@axis.com> | 2021-09-26 23:20:53 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-09-26 23:20:53 +0200 |
commit | d1e7d9197b7fe417fb4d62aad5ea8f15a06d906c (patch) | |
tree | 549f3d1e4f04ecc8c499aafa4d21bd968b32a461 /tests | |
parent | 1ca62bb5ce3f37174d4bf3f9f70674c4af4396df (diff) | |
download | curl-d1e7d9197b7fe417fb4d62aad5ea8f15a06d906c.tar.gz |
libssh2: add SHA256 fingerprint support
Added support for SHA256 fingerprint in command line curl and in
libcurl.
Closes #7646
Diffstat (limited to 'tests')
-rw-r--r-- | tests/.gitignore | 1 | ||||
-rw-r--r-- | tests/FILEFORMAT.md | 1 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test3021 | 44 | ||||
-rw-r--r-- | tests/data/test3022 | 44 | ||||
-rwxr-xr-x | tests/runtests.pl | 13 | ||||
-rw-r--r-- | tests/sshhelp.pm | 3 | ||||
-rw-r--r-- | tests/sshserver.pl | 18 |
8 files changed, 122 insertions, 4 deletions
diff --git a/tests/.gitignore b/tests/.gitignore index 00f787cc8..a8882b275 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -7,6 +7,7 @@ curl_client_knownhosts curl_host_rsa_key curl_host_rsa_key.pub curl_host_rsa_key.pub_md5 +curl_host_rsa_key.pub_sha256 curl_sftp_cmds curl_sftp_config curl_ssh_config diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md index 7a9c48204..df61c412f 100644 --- a/tests/FILEFORMAT.md +++ b/tests/FILEFORMAT.md @@ -148,6 +148,7 @@ Available substitute variables include: - `%SRCDIR` - Full path to the source dir - `%SSHPORT` - Port number of the SCP/SFTP server - `%SSHSRVMD5` - MD5 of SSH server's public key +- `%SSHSRVSHA256` - SHA256 of SSH server's public key - `%SSH_PWD` - Current directory friendly for the SSH server - `%TESTNUMBER` - Number of the test case - `%TFTP6PORT` - IPv6 port number of the TFTP server diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 1f774ce4e..d906ca338 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -237,4 +237,4 @@ test2200 test2201 test2202 test2203 test2204 test2205 \ \ test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 \ test3008 test3009 test3010 test3011 test3012 test3013 test3014 test3015 \ -test3016 test3017 test3018 test3019 test3020 +test3016 test3017 test3018 test3019 test3020 test3021 test3022 diff --git a/tests/data/test3021 b/tests/data/test3021 new file mode 100644 index 000000000..0a02e1844 --- /dev/null +++ b/tests/data/test3021 
@@ -0,0 +1,44 @@ +<testcase> +<info> +<keywords> +SFTP +server sha256 key check +</keywords> +</info> + +# +# Server-side +<reply> +<data> +test +</data> +</reply> + +# +# Client-side +<client> +<server> +sftp +</server> + <name> +SFTP correct sha256 host key + </name> + <command> +--hostpubsha256 %SSHSRVSHA256 --key curl_client_key --pubkey curl_client_key.pub -u %USER: sftp://%HOSTIP:%SSHPORT%SSH_PWD/log/file%TESTNUMBER.txt +</command> +<file name="log/file%TESTNUMBER.txt"> +test +</file> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<errorcode> +0 +</errorcode> +<valgrind> +disable +</valgrind> +</verify> +</testcase> diff --git a/tests/data/test3022 b/tests/data/test3022 new file mode 100644 index 000000000..f3477909d --- /dev/null +++ b/tests/data/test3022 @@ -0,0 +1,44 @@ +<testcase> +<info> +<keywords> +SCP +server sha256 key check +</keywords> +</info> + +# +# Server-side +<reply> +<data> +test +</data> +</reply> + +# +# Client-side +<client> +<server> +scp +</server> + <name> +SCP correct sha256 host key + </name> + <command> +--hostpubsha256 %SSHSRVSHA256 --key curl_client_key --pubkey curl_client_key.pub -u %USER: scp://%HOSTIP:%SSHPORT%SSH_PWD/log/file%TESTNUMBER.txt +</command> +<file name="log/file%TESTNUMBER.txt"> +test +</file> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<errorcode> +0 +</errorcode> +<valgrind> +disable +</valgrind> +</verify> +</testcase> diff --git a/tests/runtests.pl b/tests/runtests.pl index 38b76e878..9a1c169b6 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -168,6 +168,7 @@ my $proxy_address; my %custom_skip_reasons; my $SSHSRVMD5 = "[uninitialized]"; # MD5 of ssh server public key +my $SSHSRVSHA256 = "[uninitialized]"; # SHA256 of ssh server public key my $VERSION=""; # curl's reported version number my $srcdir = $ENV{'srcdir'} || '.'; 
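Review bot: test3021 covers only the matching case (`SFTP correct sha256 host key`, expecting `<errorcode>` 0), and test3022 does the same for SCP, so both would still pass if the fingerprint comparison accepted every value. For a host-key pinning option the rejecting path is the one that needs coverage. Add a companion test per protocol that passes a well-formed but wrong value to `--hostpubsha256` and expects a non-zero `<errorcode>`. The Makefile.inc hunk lists only test3021 and test3022, so no such test is part of this change.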
@@ -2287,6 +2288,17 @@ sub runsshserver { die $msg; } + my $hstpubsha256f = "curl_host_rsa_key.pub_sha256"; + if(!open(PUBSHA256FILE, "<", $hstpubsha256f) || + (read(PUBSHA256FILE, $SSHSRVSHA256, 48) == 0) || + !close(PUBSHA256FILE)) + { + my $msg = "Fatal: $srvrname pubkey sha256 missing : \"$hstpubsha256f\" : $!"; + logmsg "$msg\n"; + stopservers($verbose); + die $msg; + } + logmsg "RUN: $srvrname on PID $pid2 port $wport\n" if($verbose); return ($pid2, $sshpid, $wport); @@ -3374,6 +3386,7 @@ sub subVariables { $$thing =~ s/${prefix}USER/$USER/g; $$thing =~ s/${prefix}SSHSRVMD5/$SSHSRVMD5/g; + $$thing =~ s/${prefix}SSHSRVSHA256/$SSHSRVSHA256/g; # The purpose of FTPTIME2 and FTPTIME3 is to provide times that can be # used for time-out tests and that would work on most hosts as these diff --git a/tests/sshhelp.pm b/tests/sshhelp.pm index 0f71b3079..41047e9c6 100644 --- a/tests/sshhelp.pm +++ b/tests/sshhelp.pm @@ -51,6 +51,7 @@ use vars qw( $hstprvkeyf $hstpubkeyf $hstpubmd5f + $hstpubsha256f $cliprvkeyf $clipubkeyf @sftppath @@ -84,6 +85,7 @@ use vars qw( $hstprvkeyf $hstpubkeyf $hstpubmd5f + $hstpubsha256f $cliprvkeyf $clipubkeyf display_sshdconfig @@ -125,6 +127,7 @@ $knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file $hstprvkeyf = 'curl_host_rsa_key'; # host private key file $hstpubkeyf = 'curl_host_rsa_key.pub'; # host public key file $hstpubmd5f = 'curl_host_rsa_key.pub_md5'; # md5 hash of host public key +$hstpubsha256f = 'curl_host_rsa_key.pub_sha256'; # sha256 hash of host public key $cliprvkeyf = 'curl_client_key'; # client private key file $clipubkeyf = 'curl_client_key.pub'; # client public key file diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 412cab33e..526ed099f 100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl 
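Review bot: In the runsshserver hunk the new check fails only when `read()` returns nothing, so a truncated or malformed `curl_host_rsa_key.pub_sha256` is accepted and substituted for `%SSHSRVSHA256`. The problem then surfaces later as a host-key mismatch in test3021/test3022 rather than at server start. sshserver.pl writes the value with `sha256_base64()`, which emits 43 unpadded base64 characters, so the block could reject anything else with `$SSHSRVSHA256 !~ /\A[A-Za-z0-9+\/]{43}\z/`. The message also appends `$!`, which carries no useful error when the failure is a zero-length read. runsshserver begins and ends outside the hunk.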
@@ -30,6 +30,8 @@ use Cwd; use Cwd 'abs_path'; use Digest::MD5; use Digest::MD5 'md5_hex'; +use Digest::SHA; +use Digest::SHA 'sha256_base64'; use MIME::Base64; #*************************************************************************** @@ -52,6 +54,7 @@ use sshhelp qw( $hstprvkeyf $hstpubkeyf $hstpubmd5f + $hstpubsha256f $cliprvkeyf $clipubkeyf display_sshdconfig @@ -362,10 +365,12 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum < 299)) || if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) || (! -e $hstpubkeyf) || (! -s $hstpubkeyf) || (! -e $hstpubmd5f) || (! -s $hstpubmd5f) || + (! -e $hstpubsha256f) || (! -s $hstpubsha256f) || (! -e $cliprvkeyf) || (! -s $cliprvkeyf) || (! -e $clipubkeyf) || (! -s $clipubkeyf)) { # Make sure all files are gone so ssh-keygen doesn't complain - unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $cliprvkeyf, $clipubkeyf); + unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $hstpubsha256f, + $cliprvkeyf, $clipubkeyf); logmsg 'generating host keys...' if($verbose); if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") { logmsg 'Could not generate host key'; @@ -379,7 +384,7 @@ if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) || # Make sure that permissions are restricted so openssh doesn't complain system "chmod 600 $hstprvkeyf"; system "chmod 600 $cliprvkeyf"; - # Save md5 hash of public host key + # Save md5 and sha256 hashes of public host key open(RSAKEYFILE, "<$hstpubkeyf"); my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> }; close(RSAKEYFILE); @@ -394,6 +399,13 @@ if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) || logmsg 'Failed writing md5 hash of RSA host key'; exit 1; } + open(PUBSHA256FILE, ">$hstpubsha256f"); + print PUBSHA256FILE sha256_base64(decode_base64($rsahostkey[1])); + close(PUBSHA256FILE); + if((! -e $hstpubsha256f) || (! -s $hstpubsha256f)) { + logmsg 'Failed writing sha256 hash of RSA host key'; + exit 1; + } } 
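Review bot: In the last sshserver.pl hunk, `open(PUBSHA256FILE, ">$hstpubsha256f")`, the `print` and the `close` are all unchecked, and the only guard is the `-e`/`-s` test afterwards, which passes for any non-empty file. The digest of an empty string is itself non-empty, so if `$rsahostkey[1]` is missing because the public key file was unreadable or malformed, a fingerprint that matches no key is written and accepted. I would use a lexical handle with three-argument open, check each call, and refuse to write when the decoded key blob is empty. The md5 code just above follows the same unchecked pattern but is not touched by this change, and the enclosing `if` block begins in an earlier hunk.

```perl
    # … unchanged: md5 fingerprint written and checked above …
    my $hostkeyblob = decode_base64(defined($rsahostkey[1]) ? $rsahostkey[1] : '');
    if(!length($hostkeyblob)) {
        logmsg 'Failed decoding RSA host key';
        exit 1;
    }
    my $sha256fh;
    if(!open($sha256fh, '>', $hstpubsha256f) ||
       !(print {$sha256fh} sha256_base64($hostkeyblob)) ||
       !close($sha256fh)) {
        logmsg "Failed writing sha256 hash of RSA host key: $!";
        exit 1;
    }
```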
@@ -1141,7 +1153,7 @@ elsif($verbose && ($rc >> 8)) { #*************************************************************************** # Clean up once the server has stopped # -unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, +unlink($hstprvkeyf, $hstpubkeyf, $hstpubmd5f, $hstpubsha256f, $cliprvkeyf, $clipubkeyf, $knownhosts, $sshdconfig, $sshconfig, $sftpconfig); |