authorMiklós Fazekas <mfazekas@szemafor.com>2020-04-24 15:06:20 +0200
committerGitHub <noreply@github.com>2020-04-24 15:06:20 +0200
commit36ce409a8fd9f5984030e188b7f8c5b9601377ba (patch)
tree6ecdf8efc36b5d3a6ac27af43407f29bdc349a2c
parentd37be56efa2d2bcfac78e318ed3c6aef521a2dad (diff)
parent2da032676fdffc052cfa8adeba7b8640010e97ff (diff)
downloadnet-ssh-36ce409a8fd9f5984030e188b7f8c5b9601377ba.tar.gz
Merge pull request #755 from mfazekas/int-test-etm
Added new basic hmac integration test for etm
-rw-r--r--lib/net/ssh/transport/packet_stream.rb4
-rw-r--r--test/integration/playbook.yml7
-rw-r--r--test/integration/test_curve25519sha256.rb1
-rw-r--r--test/integration/test_hmac_etm.rb59
4 files changed, 68 insertions, 3 deletions
diff --git a/lib/net/ssh/transport/packet_stream.rb b/lib/net/ssh/transport/packet_stream.rb
index dfdde08..345268e 100644
--- a/lib/net/ssh/transport/packet_stream.rb
+++ b/lib/net/ssh/transport/packet_stream.rb
@@ -215,6 +215,7 @@ module Net
# read, post-processed according to the cipher, hmac, and compression
# algorithms specified in the server state object, and returned as a
# new Packet object.
+ # rubocop:disable Metrics/AbcSize
def poll_next_packet
aad_length = server.hmac.etm ? 4 : 0
@@ -260,7 +261,7 @@ module Net
else
server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
end
- raise Net::SSH::Exception, "corrupted hmac detected" if real_hmac != my_computed_hmac
+ raise Net::SSH::Exception, "corrupted hmac detected #{server.hmac.class}" if real_hmac != my_computed_hmac
# try to decompress the payload, in case compression is active
payload = server.decompress(payload)
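Review bot: The MAC check on the changed `raise` line still compares `real_hmac != my_computed_hmac` with Ruby's ordinary string comparison, which can return at the first differing byte, so its duration may depend on how much of the tag matched. A failed check ends the connection and the keys are per-session, so the practical exposure is probably small, but constant-time comparison is the usual practice for MAC verification. Something like `unless OpenSSL.secure_compare(real_hmac, my_computed_hmac)` would do it where the openssl library provides that method; the older Rubies in this commit's test matrix may not have it, so a fallback would be needed. The new message interpolates `server.hmac.class`, so it is worth confirming that no caller or test matches on the old exact text. `poll_next_packet` begins and ends outside this hunk.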
@@ -273,6 +274,7 @@ module Net
return Packet.new(payload)
end
end
+ # rubocop:enable Metrics/AbcSize
end
end
diff --git a/test/integration/playbook.yml b/test/integration/playbook.yml
index dd9d078..c514ebe 100644
--- a/test/integration/playbook.yml
+++ b/test/integration/playbook.yml
@@ -8,8 +8,11 @@
homedir: /home/vagrant
ruby_version: '2.0.0-p598'
ruby_versions:
- - '2.0.0-p598'
- - '2.3.0'
+ - '2.3.8'
+ - '2.5.9'
+ - '2.6.5'
+ - '2.7.1'
+ - 'ruby-head'
# - 'rbx-3.19'
# - 'jruby-9.0.5.0'
rvm_install_path: '/usr/local/rvm'
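Review bot: `ruby_version: '2.0.0-p598'` is left unchanged while this hunk removes `'2.0.0-p598'` from `ruby_versions`, so the default now names a Ruby that the list no longer installs. If the roles install only the listed versions (not visible here), provisioning could fail or fall back to an unexpected interpreter; consider setting it to one of the new entries, e.g. `ruby_version: '2.7.1'`. `'ruby-head'` is an unpinned moving target, so a failure on it may not be reproducible later; a short comment saying so next to the entry would help.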
diff --git a/test/integration/test_curve25519sha256.rb b/test/integration/test_curve25519sha256.rb
index b684c00..e2e38c2 100644
--- a/test/integration/test_curve25519sha256.rb
+++ b/test/integration/test_curve25519sha256.rb
@@ -33,6 +33,7 @@ unless ENV['NET_SSH_NO_ED25519']
# We have our own sshd, give it a chance to come up before
# listening.
ret = Net::SSH.start("localhost", "net_ssh_1", password: 'foopwd', port: port, user_known_hosts_file: [f.path]) do |ssh|
+ assert_equal ssh.transport.algorithms.kex, "curve25519-sha256"
ssh.exec! "echo 'foo'"
end
assert_equal "foo\n", ret
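Review bot: The added assertion passes its arguments as actual, expected, while the existing `assert_equal "foo\n", ret` just below uses expected first, so a failure here would report the negotiated algorithm as the expectation. Write it as `assert_equal "curve25519-sha256", ssh.transport.algorithms.kex`. The same reversed order appears in the `hmac_client` and `hmac_server` assertions added in test/integration/test_hmac_etm.rb. The enclosing test method starts outside this hunk.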
diff --git a/test/integration/test_hmac_etm.rb b/test/integration/test_hmac_etm.rb
new file mode 100644
index 0000000..cb73133
--- /dev/null
+++ b/test/integration/test_hmac_etm.rb
@@ -0,0 +1,59 @@
+require_relative 'common'
+require 'fileutils'
+require 'tmpdir'
+
+require 'net/ssh'
+
+require 'timeout'
+
+# see Vagrantfile,playbook for env.
+# we're running as net_ssh_1 user password foo
+# and usually connecting to net_ssh_2 user password foo2pwd
+class TestHMacEtm < NetSSHTest
+ include IntegrationTestHelpers
+
+ variants = {
+ etm256: "hmac-sha2-256-etm@openssh.com",
+ etm512: "hmac-sha2-512-etm@openssh.com"
+ }
+
+ def config_with_macs(macs)
+ config_lines = File.read('/etc/ssh/sshd_config').split("\n")
+ config_lines = config_lines.map do |line|
+ if line =~ /^MACs/
+ "##{line}"
+ else
+ line
+ end
+ end
+ config_lines.push("MACs #{macs}")
+ end
+
+ variants.each do |key,variant|
+ define_method "test_with_only_hmac_etm#{key}" do
+ start_sshd_7_or_later(config: config_with_macs(variant)) do |_pid, port|
+ Timeout.timeout(4) do
+ begin
+ # We have our own sshd, give it a chance to come up before
+ # listening.
+ ret = Net::SSH.start(
+ "localhost",
+ "net_ssh_1",
+ password: 'foopwd',
+ port: port,
+ hmac: [variant]
+ ) do |ssh|
+ assert_equal ssh.transport.algorithms.hmac_client, variant
+ assert_equal ssh.transport.algorithms.hmac_server, variant
+ ssh.exec! "echo 'foo123'"
+ end
+ assert_equal "foo123\n", ret
+ rescue SocketError, Errno::ECONNREFUSED, Errno::EHOSTUNREACH
+ sleep 0.25
+ retry
+ end
+ end
+ end
+ end
+ end
+end \ No newline at end of file
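Review bot: `config_with_macs` only comments out lines matching `/^MACs/` and then appends the new directive at the end of the file, which is weaker than the "only hmac etm" test name promises. sshd keywords are case-insensitive and may be indented, and sshd keeps the first value it reads for a keyword, so an existing `macs ...` line would win and the server would not be restricted. The assertions would still pass in that case, because the client is restricted by `hmac: [variant]`. A directive appended after a `Match` block would also be parsed inside that block, where `MACs` is, as far as I know, not a permitted keyword. Matching with `if line =~ /^\s*MACs\s/i` and inserting with `config_lines.unshift("MACs #{macs}")` avoids both.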