From c5792fe4a846fcd15fe2bae14d14f527f21ab0a0 Mon Sep 17 00:00:00 2001 From: Jeroen van Erp Date: Wed, 25 Jul 2018 10:34:52 +0200 Subject: [PATCH] Added Kex integration test --- README.adoc | 3 +- .../docker-image/test-container/sshd_config | 2 +- .../sshj/transport/kex/KexSpec.groovy | 46 +++++++++++++++++++ .../sshj/transport/kex/Curve25519SHA256.java | 17 ++++++- 4 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 src/itest/groovy/com/hierynomus/sshj/transport/kex/KexSpec.groovy diff --git a/README.adoc b/README.adoc index 3ecf1e2b..43cc6167 100644 --- a/README.adoc +++ b/README.adoc @@ -73,6 +73,7 @@ key exchange:: `diffie-hellman-group14-sha256`, `diffie-hellman-group15-sha512`, `diffie-hellman-group16-sha512`, `diffie-hellman-group17-sha512`, `diffie-hellman-group18-sha512` `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group-exchange-sha256`, `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`, `curve25519-sha256@libssh.org` + SSHJ also supports the following extended (non official) key exchange algoriths: `diffie-hellman-group14-sha256@ssh.com`, `diffie-hellman-group15-sha256`, `diffie-hellman-group15-sha256@ssh.com`, `diffie-hellman-group15-sha384@ssh.com`, `diffie-hellman-group16-sha256`, `diffie-hellman-group16-sha384@ssh.com`, `diffie-hellman-group16-sha512@ssh.com`, `diffie-hellman-group18-sha512@ssh.com` @@ -81,7 +82,7 @@ signatures:: `ssh-rsa`, `ssh-dss`, `ecdsa-sha2-nistp256`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp521`, `ssh-ed25519` mac:: - `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-ripemd160` + `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`, `hmac-sha2-256`, `hmac-sha2-512`, `hmac-ripemd160`, `hmac-ripemd160@openssh.com` compression:: `zlib` and `zlib@openssh.com` (delayed zlib) diff --git a/src/itest/docker-image/test-container/sshd_config b/src/itest/docker-image/test-container/sshd_config index e42e3933..4f1931aa 100644 
--- a/src/itest/docker-image/test-container/sshd_config +++ b/src/itest/docker-image/test-container/sshd_config @@ -128,5 +128,5 @@ Subsystem sftp /usr/lib/ssh/sftp-server # PermitTTY no # ForceCommand cvs server - +KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com diff --git a/src/itest/groovy/com/hierynomus/sshj/transport/kex/KexSpec.groovy b/src/itest/groovy/com/hierynomus/sshj/transport/kex/KexSpec.groovy new file mode 100644 index 00000000..cd1b2d2c --- /dev/null +++ b/src/itest/groovy/com/hierynomus/sshj/transport/kex/KexSpec.groovy 
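Review bot: The added `KexAlgorithms` line enables `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1` and `diffie-hellman-group-exchange-sha1` with nothing in the file saying why. These are legacy SHA-1 exchanges (group1 also uses a 1024-bit group), so a comment directly above the line would keep the list from being copied into a real server config: `# Test container only: legacy SHA-1 and group1 kex are enabled so every client kex factory can be exercised.` The list also has no entry for the group15/group17 or `@ssh.com` names the README advertises, so those exchanges stay untested against this container.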
@@ -0,0 +1,46 @@ +package com.hierynomus.sshj.transport.kex + +import com.hierynomus.sshj.IntegrationBaseSpec +import com.hierynomus.sshj.transport.mac.Macs +import net.schmizz.sshj.DefaultConfig +import net.schmizz.sshj.transport.kex.Curve25519DH +import net.schmizz.sshj.transport.kex.Curve25519SHA256 +import net.schmizz.sshj.transport.kex.DH +import net.schmizz.sshj.transport.kex.DHGexSHA1 +import net.schmizz.sshj.transport.kex.DHGexSHA256 +import net.schmizz.sshj.transport.kex.ECDH +import net.schmizz.sshj.transport.kex.ECDHNistP +import spock.lang.Unroll + +class KexSpec extends IntegrationBaseSpec { + + @Unroll + def "should correctly connect with #kex Key Exchange"() { + given: + def cfg = new DefaultConfig() + cfg.setKeyExchangeFactories(kexFactory) + def client = getConnectedClient(cfg) + + when: + client.authPublickey(USERNAME, KEYFILE) + + then: + client.authenticated + + where: + kexFactory << [DHGroups.Group1SHA1(), + DHGroups.Group14SHA1(), + DHGroups.Group14SHA256(), + DHGroups.Group16SHA512(), + DHGroups.Group18SHA512(), + new DHGexSHA1.Factory(), + new DHGexSHA256.Factory(), + new Curve25519SHA256.Factory(), + new Curve25519SHA256.FactoryLibSsh(), + new ECDHNistP.Factory256(), + new ECDHNistP.Factory384(), + new ECDHNistP.Factory521()] + kex = kexFactory.name + } + +} diff --git a/src/main/java/net/schmizz/sshj/transport/kex/Curve25519SHA256.java b/src/main/java/net/schmizz/sshj/transport/kex/Curve25519SHA256.java index 61bb42f7..69fa4b24 100644 --- a/src/main/java/net/schmizz/sshj/transport/kex/Curve25519SHA256.java +++ b/src/main/java/net/schmizz/sshj/transport/kex/Curve25519SHA256.java @@ -21,7 +21,7 @@ import java.security.GeneralSecurityException; public class Curve25519SHA256 extends AbstractDHG { /** Named factory for Curve25519SHA256 key exchange */ - public static class Factory + public static class FactoryLibSsh implements net.schmizz.sshj.common.Factory.Named { @Override 
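Review bot: The feature method never closes the client it opens, so each of the twelve `where:` rows leaves an SSH session to the test container open. A `cleanup:` block containing `client?.disconnect()` between `then:` and `where:` would release it. The imports of `Macs`, `Curve25519DH`, `DH` and `ECDH` are unused in this spec and can be dropped. The `then:` block checks only `client.authenticated`; because a single factory is configured this presumably implies the requested exchange was negotiated, but a short comment saying so would make that reliance explicit.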
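Review bot: Renaming the existing public `Factory` to `FactoryLibSsh` silently changes what existing callers negotiate. Code that already uses `new Curve25519SHA256.Factory()` will, once the second hunk is applied, advertise `curve25519-sha256` instead of the name it offered before (presumably `curve25519-sha256@libssh.org`; the `getName()` body of the renamed class lies outside this hunk). The diffstat lists no change to `DefaultConfig`, so unless it is updated elsewhere the default client would stop offering the `@libssh.org` name and could fail key exchange against servers that know only that one. Consider registering both factories wherever `Factory` is registered today, and calling out the rename in the release notes.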
@@ -35,6 +35,21 @@ public class Curve25519SHA256 extends AbstractDHG { } } + /** Named factory for Curve25519SHA256 key exchange */ + public static class Factory + implements net.schmizz.sshj.common.Factory.Named { + + @Override + public KeyExchange create() { + return new Curve25519SHA256(); + } + + @Override + public String getName() { + return "curve25519-sha256"; + } + } + public Curve25519SHA256() { super(new Curve25519DH(), new SHA256()); }
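Review bot: The Javadoc on the new `Factory` is word-for-word the same as the one on `FactoryLibSsh`, so nothing tells a reader which wire name each class negotiates. Suggest `/** Named factory for the {@code curve25519-sha256} key exchange (the name without the {@code @libssh.org} suffix) */` here, with matching wording on `FactoryLibSsh` naming its suffixed algorithm. Both factories return the same `Curve25519SHA256` instance type, so the name string is the only difference worth documenting.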