config: support for MACs

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

src/config.c

@@ -49,6 +49,7 @@ enum ssh_config_opcode_e {
   SOC_USERNAME,
   SOC_IDENTITY,
   SOC_CIPHERS,
+  SOC_MACS,
   SOC_COMPRESSION,
   SOC_TIMEOUT,
   SOC_PROTOCOL,
@@ -85,6 +86,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "user", SOC_USERNAME },
   { "identityfile", SOC_IDENTITY },
   { "ciphers", SOC_CIPHERS },
+  { "macs", SOC_MACS },
   { "compression", SOC_COMPRESSION },
   { "connecttimeout", SOC_TIMEOUT },
   { "protocol", SOC_PROTOCOL },
@@ -420,6 +422,13 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
         ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, p);
       }
       break;
+    case SOC_MACS:
+      p = ssh_config_get_str_tok(&s, NULL);
+      if (p && *parsing) {
+        ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, p);
+        ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, p);
+      }
+      break;
     case SOC_COMPRESSION:
       i = ssh_config_get_yesno(&s, -1);
       if (i >= 0 && *parsing) {

tests/unittests/torture_config.c

@@ -15,6 +15,7 @@
 #define PROXYCMD "ssh -q -W %h:%p gateway.example.com"
 #define ID_FILE "/etc/xxx"
 #define KEXALGORITHMS "ecdh-sha2-nistp521,diffie-hellman-group14-sha1"
+#define MACS "hmac-sha1,hmac-sha2-256"
 
 static int setup_config_files(void **state)
 {
@@ -32,7 +33,8 @@ static int setup_config_files(void **state)
                        "ProxyCommand "PROXYCMD"\n\n");
     torture_write_file(LIBSSH_TESTCONFIG3,
                        "\n\nIdentityFile "ID_FILE"\n"
-                       "\n\nKexAlgorithms "KEXALGORITHMS"\n");
+                       "\n\nKexAlgorithms "KEXALGORITHMS"\n"
+                       "\n\nMACs "MACS"\n");
 
     /* Multiple Port settings -> parsing returns early. */
     torture_write_file(LIBSSH_TESTCONFIG4,
@@ -89,6 +91,9 @@ static void torture_config_from_file(void **state) {
     ssh_string_free_char(v);
 
     assert_string_equal(session->opts.wanted_methods[SSH_KEX], KEXALGORITHMS);
+
+    assert_string_equal(session->opts.wanted_methods[SSH_MAC_C_S], MACS);
+    assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], MACS);
 }
 
 /**

tests/unittests/torture_options.c

@@ -96,6 +96,14 @@ static void torture_options_set_macs(void **state) {
     assert_true(rc == 0);
     assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1");
 
+    /* Test multiple known MACs */
+    rc = ssh_options_set(session,
+                         SSH_OPTIONS_HMAC_S_C,
+                         "hmac-sha1,hmac-sha2-256");
+    assert_true(rc == 0);
+    assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C],
+                        "hmac-sha1,hmac-sha2-256");
+
     /* Test unknown MACs */
     rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1,unknown@example.com");
     assert_true(rc == 0);