tests: Verify the hostkey ordering for negotiation is correct

Previously, not all of the host keys algorithms were used for algorithm negotiation. This verifies the algorithms list is sane and ordered with the key types from known hosts in the first place. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-18 16:18:22 +02:00 · 2018-10-18 16:18:22 +02:00 · bdb3bb9ccd
--- a/include/libssh/kex.h
+++ b/include/libssh/kex.h
@ -45,5 +45,6 @@ char *ssh_find_matching(const char *in_d, const char *what_d);
 const char *ssh_kex_get_supported_method(uint32_t algo);
 const char *ssh_kex_get_default_methods(uint32_t algo);
 const char *ssh_kex_get_description(uint32_t algo);
+char *ssh_client_select_hostkeys(ssh_session session);

 #endif /* KEX_H_ */
--- a/src/kex.c
+++ b/src/kex.c
@ -606,7 +606,7 @@ void ssh_list_kex(struct ssh_kex_struct *kex) {
 * @returns a cstring containing a comma-separated list of hostkey methods.
 *          NULL if no method matches
 */
-static char *ssh_client_select_hostkeys(ssh_session session)
+char *ssh_client_select_hostkeys(ssh_session session)
 {
    char methods_buffer[128]={0};
    char tail_buffer[128]={0};
--- a/tests/unittests/torture_knownhosts_parsing.c
+++ b/tests/unittests/torture_knownhosts_parsing.c
@ -277,6 +277,33 @@ static void torture_knownhosts_host_exists(void **state)
    ssh_free(session);
 }

+static void
+torture_knownhosts_algorithms(void **state)
+{
+    const char *knownhosts_file = *state;
+    char *algo_list = NULL;
+    ssh_session session;
+    const char *expect = "ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521,"
+                         "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"
+#ifdef HAVE_DSA
+                         ",ssh-dss"
+#endif
+    ;
+
+    session = ssh_new();
+    assert_non_null(session);
+
+    ssh_options_set(session, SSH_OPTIONS_HOST, "localhost");
+    ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, knownhosts_file);
+
+    algo_list = ssh_client_select_hostkeys(session);
+    assert_non_null(algo_list);
+    assert_string_equal(algo_list, expect);
+    free(algo_list);
+
+    ssh_free(session);
+}
+
 int torture_run_tests(void) {
    int rc;
    struct CMUnitTest tests[] = {
@ -292,6 +319,9 @@ int torture_run_tests(void) {
        cmocka_unit_test_setup_teardown(torture_knownhosts_host_exists,
                                        setup_knownhosts_file,
                                        teardown_knownhosts_file),
+        cmocka_unit_test_setup_teardown(torture_knownhosts_algorithms,
+                                        setup_knownhosts_file,
+                                        teardown_knownhosts_file),
    };

    ssh_init();