author | Miklos Fazekas <mfazekas@szemafor.com> | 2020-04-20 14:00:42 +0200 |
---|---|---|
committer | Miklos Fazekas <mfazekas@szemafor.com> | 2020-04-20 14:18:54 +0200 |
commit | 2da032676fdffc052cfa8adeba7b8640010e97ff (patch) | |
tree | 6ecdf8efc36b5d3a6ac27af43407f29bdc349a2c | |
parent | d37be56efa2d2bcfac78e318ed3c6aef521a2dad (diff) | |
download | net-ssh-2da032676fdffc052cfa8adeba7b8640010e97ff.tar.gz |
Added new basic hmac integration test for etm
-rw-r--r-- | lib/net/ssh/transport/packet_stream.rb | 4 | ||||
-rw-r--r-- | test/integration/playbook.yml | 7 | ||||
-rw-r--r-- | test/integration/test_curve25519sha256.rb | 1 | ||||
-rw-r--r-- | test/integration/test_hmac_etm.rb | 59 |
4 files changed, 68 insertions, 3 deletions
diff --git a/lib/net/ssh/transport/packet_stream.rb b/lib/net/ssh/transport/packet_stream.rb index dfdde08..345268e 100644 --- a/lib/net/ssh/transport/packet_stream.rb +++ b/lib/net/ssh/transport/packet_stream.rb @@ -215,6 +215,7 @@ module Net # read, post-processed according to the cipher, hmac, and compression # algorithms specified in the server state object, and returned as a # new Packet object. + # rubocop:disable Metrics/AbcSize def poll_next_packet aad_length = server.hmac.etm ? 4 : 0 @@ -260,7 +261,7 @@ module Net else server.hmac.digest([server.sequence_number, @packet.content].pack("NA*")) end - raise Net::SSH::Exception, "corrupted hmac detected" if real_hmac != my_computed_hmac + raise Net::SSH::Exception, "corrupted hmac detected #{server.hmac.class}" if real_hmac != my_computed_hmac # try to decompress the payload, in case compression is active payload = server.decompress(payload) @@ -273,6 +274,7 @@ module Net return Packet.new(payload) end end + # rubocop:enable Metrics/AbcSize end end diff --git a/test/integration/playbook.yml b/test/integration/playbook.yml index dd9d078..c514ebe 100644 --- a/test/integration/playbook.yml +++ b/test/integration/playbook.yml @@ -8,8 +8,11 @@ homedir: /home/vagrant ruby_version: '2.0.0-p598' ruby_versions: - - '2.0.0-p598' - - '2.3.0' + - '2.3.8' + - '2.5.9' + - '2.6.5' + - '2.7.1' + - 'ruby-head' # - 'rbx-3.19' # - 'jruby-9.0.5.0' rvm_install_path: '/usr/local/rvm' diff --git a/test/integration/test_curve25519sha256.rb b/test/integration/test_curve25519sha256.rb index b684c00..e2e38c2 100644 --- a/test/integration/test_curve25519sha256.rb +++ b/test/integration/test_curve25519sha256.rb 
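Review bot: The MAC check on the changed line in the second packet_stream.rb hunk still compares `real_hmac != my_computed_hmac` with ordinary string inequality, which is not guaranteed to run in constant time. For a received authentication tag a timing-independent comparison is the usual practice, e.g. `unless OpenSSL.secure_compare(real_hmac, my_computed_hmac)`. That helper needs a recent openssl gem, so the older Rubies listed in playbook.yml would need a fallback. The practical exposure is probably small, since a failed check raises and presumably ends the session, but the change is cheap. The rest of poll_next_packet lies outside these hunks, so how `real_hmac` is read was not checked.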
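Review bot: `ruby_version: '2.0.0-p598'` stays as context directly above the list, while this hunk removes `'2.0.0-p598'` from `ruby_versions`. If `ruby_version` selects the default interpreter from the installed set (not visible here), it now names a version that is no longer installed; consider pointing it at one of the new entries, e.g. `ruby_version: '2.7.1'`. `'ruby-head'` is a moving target, so a failure on it may not be reproducible later; a comment such as `# ruby-head: unpinned, failures here are informational` would make that explicit.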
@@ -33,6 +33,7 @@ unless ENV['NET_SSH_NO_ED25519'] # We have our own sshd, give it a chance to come up before # listening. ret = Net::SSH.start("localhost", "net_ssh_1", password: 'foopwd', port: port, user_known_hosts_file: [f.path]) do |ssh| + assert_equal ssh.transport.algorithms.kex, "curve25519-sha256" ssh.exec! "echo 'foo'" end assert_equal "foo\n", ret diff --git a/test/integration/test_hmac_etm.rb b/test/integration/test_hmac_etm.rb new file mode 100644 index 0000000..cb73133 --- /dev/null +++ b/test/integration/test_hmac_etm.rb @@ -0,0 +1,59 @@ +require_relative 'common' +require 'fileutils' +require 'tmpdir' + +require 'net/ssh' + +require 'timeout' + +# see Vagrantfile,playbook for env. +# we're running as net_ssh_1 user password foo +# and usually connecting to net_ssh_2 user password foo2pwd +class TestHMacEtm < NetSSHTest + include IntegrationTestHelpers + + variants = { + etm256: "hmac-sha2-256-etm@openssh.com", + etm512: "hmac-sha2-512-etm@openssh.com" + } + + def config_with_macs(macs) + config_lines = File.read('/etc/ssh/sshd_config').split("\n") + config_lines = config_lines.map do |line| + if line =~ /^MACs/ + "##{line}" + else + line + end + end + config_lines.push("MACs #{macs}") + end + + variants.each do |key,variant| + define_method "test_with_only_hmac_etm#{key}" do + start_sshd_7_or_later(config: config_with_macs(variant)) do |_pid, port| + Timeout.timeout(4) do + begin + # We have our own sshd, give it a chance to come up before + # listening. + ret = Net::SSH.start( + "localhost", + "net_ssh_1", + password: 'foopwd', + port: port, + hmac: [variant] + ) do |ssh| + assert_equal ssh.transport.algorithms.hmac_client, variant + assert_equal ssh.transport.algorithms.hmac_server, variant + ssh.exec! "echo 'foo123'" + end + assert_equal "foo123\n", ret + rescue SocketError, Errno::ECONNREFUSED, Errno::EHOSTUNREACH + sleep 0.25 + retry + end + end + end + end + end +end
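Review bot: The added assertion in test_curve25519sha256.rb passes the actual value first. Minitest and Test::Unit both take `assert_equal(expected, actual)`, so a failure would report the negotiated algorithm as the expected one. It should read `assert_equal "curve25519-sha256", ssh.transport.algorithms.kex`. The same swap appears in the `assert_equal ssh.transport.algorithms.hmac_client, variant` and `hmac_server` lines of the new test_hmac_etm.rb. The surrounding test method starts and ends outside this hunk.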
\ No newline at end of file |
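Review bot: `config_with_macs` only comments out lines matching `/^MACs/`, but sshd_config keywords are case-insensitive and may be indented, and sshd uses the first value it finds for a keyword, so a surviving `macs ...` line would win over the `MACs` line pushed at the end. Appending also places the directive after any `Match` block the system file may end with. Prepending avoids both: `config_lines.unshift("MACs #{macs}")`. Because the client is also started with `hmac: [variant]`, the assertions pass even if the server restriction was never applied, so the "only" in the test name is not verified; a negative case where a non-ETM client MAC is expected to fail would close that gap. The `Net::SSH.start` call also omits the `user_known_hosts_file:` option that the curve25519 test passes, so it presumably falls back to the test user's real known_hosts file.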